using throttling and traffic shaping to combat spam
play

Using Throttling and Traffic Shaping to Combat Spam Ken Simpson, - PowerPoint PPT Presentation

Sep 23, 2022 •166 likes •509 views

Using Throttling and Traffic Shaping to Combat Spam Ken Simpson, Founder and CEO, for USENIX LISA November 14, 2007 Overview 1. Spammus Historicum 2. Spammus Economicus 3. Spammus Interruptus 4. Question & Answer Beer & Spam at

  1. Using Throttling and Traffic Shaping to Combat Spam Ken Simpson, Founder and CEO, for USENIX LISA November 14, 2007

  2. Overview 1. Spammus Historicum 2. Spammus Economicus 3. Spammus Interruptus 4. Question & Answer • Beer & Spam at 8:30pm Room: “Reunion G”

  3. Spam: A Personal History The good old days. Source: spamnation.info/stats

  4. Spam: A Personal History

  5. The Dawn of Spam • First spam was sent in 1978 • DEC marketing department advertising a seminar in California – Has anything really changed?

  6. Spam Circa 2002 • Not much criminality yet • Spamming still legal in most places • First regex filters introduced • Attack : – Simplistic shrouding of words – v1agra, c1al1s • Response : Smarter regular expressions, and weighted rule sets.

  7. Spam Circa 2003 • CAN-SPAM makes spamming illegal • Some spammers move underground, others become “email marketers” • Volume explodes • Attack : Try hiding in fancy HTML. <html><img src="http://www.your-info-station.com/Sla/chalkboard.gif "><div><ahref="http://www.your-info-station.com/Sla/eb.php? x=52c"><img src="http://www.your-info- station.com/Sla/pitch.gif"></a></html> • Response : Filter on URLs, not words. Introduce Bayesian filtering. Blacklists.

  8. Spam Circa 2004 • Bill Gates predicts spam will be gone in two years • Attack: – Switch to botnets • Response: – Improve reputation systems – Build enormous spamtraps – Implement greylisting

  9. Spam Circa 2005-Present • Attacks : – Poison statistical filters – Hire full-time virus writers – Diversify into phishing and identity theft – Work with the mafia on stock spam – Rinse and repeat • Responses: – Fingerprint-based filters

  10. Spammer Economics • Average filter accuracy is 90% – 1/10 of spam messages get through • Improve accuracy to 95% – 1/20 of spam messages get through • Solution? – Double spam volume – Same profit

  11. 11

  12. How often do we see a unique Botnet IP? The Number of Unique IP's versus the number of times reported 800000 700000 600000 500000 # Unique Botnet IP's 400000 300000 200000 100000 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 # Times Reported

  13. Blacklists Aren't Perfect

  14. Zombies are Fickle • 201.21.174.207 – RBLs did not block this sender until it had sent 55 emails over 19 days. – All 55 were “rejected” by throttling. – After the RBLs caught up, a further 379 messages were received over 13 days

  15. 15

  16. Getting Paid • EHLO foo.com • 250 Ok • MAIL From: <bar@baz.com> • 250 Ok • RCPT To: <victim@example.com> • 250 Ok • DATA • 354 Go ahead • ... • 250 Queued – Now I make some money

  17. S p a m m e rs a re L e s s P a tie n t th a n L e g itim a te S e n d e rs 100% S pam m ers 90% 80% Leg itim ate S enders 70% 60% 50% 40% 30% 20% 10% n o n C d n P n o C S o g o e e s e e a e e c c c 0% t r t f t t i i l 0 50 100 150 200 250 300 350 400 450 T im e (S e c on d s ) 17

  18. Intermission • Improving filters is hard • Identifying zombies is hard • What can we do?

  19. Idea • What can we do? • Attack the economics of the botnet.

  21. Case Study October, 2006 October, 2006 Before Traffic Control After Traffic Control 2.5M 0.7M 3.5M 3.5M Six Overloaded Servers Two Servers

  25. Typical SMTP Session Duration Typical SMTP Session Slow ed Dow n Session 40 35 30 Time (Seconds) 25 20 15 10 5 0

  27. 27

  29. One of these kids is not like the others... Not delivered Delivered Windows Windows Linux Linux FreeBSD FreeBSD Solaris Solaris Novell Novell HP HP NetCache NetCache

  30. Storm Botnet Throttling • RBLs rejected 70% of the likely Storm botnet zombies • Of those that remained... – 74% did not complete delivery of a message • 10% were detected as consumer operating systems (Windows 98, Windows XP, etc.) • The rest were unknown, and therefore throttled

  31. A Passing Storm 10 seconds 20 seconds 30 seconds 40 seconds 50 seconds 60 seconds

  32. Conclusions 1.Spamming is driven by economics 2.Botnet operators need to make money 3.Slowing down spam makes it go away • Beer & Spam at 8:30pm Room: “Reunion G”

  33. Nick Shelness, Former CTO, Lotus: “I am able to report that I have been running an instance of TrafficControl in my own network for four months, and that it has reduced the volume of spam hitting my boundary MTAs on most days by approximately 95%.” questions@mailchannels.com +1-778-785-6143 www.mailchannels.com

Recommend

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a

Spam, Spam, Spam Why is spam interesting? Everyone can observe spam. Spam / Anti-spam is a highly evolved form of information warfare. Fascinating socioeconomic study with many players - users, ISPs, spammers, technologists, legal

322 views • 17 slides
Traffic Shaping, Traffic Policing Peter Puschner, Institut fr Technische Informatik Traffic

Traffic Shaping, Traffic Policing Peter Puschner, Institut fr Technische Informatik Traffic

Traffic Shaping, Traffic Policing Peter Puschner, Institut fr Technische Informatik Traffic Shaping, Traffic Policing Enforce compliance of traffic to a given traffic profile (e.g., rate limiting) By delaying or dropping certain

389 views • 11 slides
Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam

Spam Fighting at CERN 28 April 2004 Emmanuel Ormancey 1 What is Spam ? What is Spam ? Spam is the friendly name given to unsolicited mail everyone receives in the mailbox. Comes from a Monty Python sketch, where in a caf everything

505 views • 13 slides
Opinion Spam and Analysis NITIN JINDAL &amp; BING LIU, WSDM 08 UIUC Opinion/Review Spam All

Opinion Spam and Analysis NITIN JINDAL &amp; BING LIU, WSDM 08 UIUC Opinion/Review Spam All

Opinion Spam and Analysis NITIN JINDAL &amp; BING LIU, WSDM 08 UIUC Opinion/Review Spam All spam is spam but some spam is more spam than others Opinion spam similar to web spam or email spam in intent, but different in form / content Web

912 views • 38 slides
Load Balancing in Cellular Networks with User-in-the-loop: A Spatial Traffic Shaping Approach

Load Balancing in Cellular Networks with User-in-the-loop: A Spatial Traffic Shaping Approach

IEEE ICC 2015 Wireless Communications Symposium WC25 Load Balancing in Cellular Networks with User-in-the-loop: A Spatial Traffic Shaping Approach Ziyang Wang, Rainer Schoenen, Halim Yanikomeroglu, Marc St-Hilaire Department of Systems

423 views • 29 slides
End-to-end Methods for Traffic Shaping Detection, Performance Problem Diagnosis, Home Wireless

End-to-end Methods for Traffic Shaping Detection, Performance Problem Diagnosis, Home Wireless

End-to-end Methods for Traffic Shaping Detection, Performance Problem Diagnosis, Home Wireless Troubleshooting Partha Kanuparthy Joint work with Constantine Dovrolis AIMS 2011, CAIDA Friday, February 11, 2011 1 Three Tools ShaperProbe :

561 views • 38 slides
The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation

The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation

The CAN-SPAM Act of 2003 D E C E M B E R 2 0 0 3 THE CAN-SPAM ACT OF 2003 Status of Legislation When Congress returns from recess on December 8, 2003, it will finish its work on the CAN-SPAM Act of 2003 (Controlling the Assault of

323 views • 4 slides
Using TCP/IP Traffic shaping to achieve iSCSI service predictability Paper presentation Jarle

Using TCP/IP Traffic shaping to achieve iSCSI service predictability Paper presentation Jarle

Using TCP/IP Traffic shaping to achieve iSCSI service predictability Paper presentation Jarle Bjrgeengen University of Oslo / USIT November 11, 2010 Outline About resource sharing in storage devices Lab setup / job setup Experiment

538 views • 29 slides
Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to

Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to

Link Spam Alliances Zoltn Gyngyi Hector Garcia-Molina Class List Spam 101 Intro to web spam Spam 221 Spamming PageRank Spam farm model Optimal farm structure Alliances of two farms Larger alliances Spam

876 views • 30 slides
Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and

Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and

Web Dynamics Web Spam Web Spam Dr. Marc Spaniol Dr. Marc Spaniol Saarbrcken, June 24, 2010 Databases and Information Systems Prof. Dr. G. Weikum MPII-Sp-0710-1/49 Agenda Web spam - Why and what? Web Spam - Spam taxonomy

669 views • 49 slides
Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information

Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information

Web Dynamics Web Spam Web Spam Marc Spaniol Marc Spaniol Saarbrcken, July 23, 2009 Databases and Information Systems Prof. Dr. G. Weikum MPII-Sp-0709-1/49 Agenda Web spam - Why and what? Web Spam - Spam taxonomy Overview

806 views • 49 slides
Throttling numbers for cop vs gambler James Lin Carl Joshua Quines Espen Slettnes mentor: Jesse

Throttling numbers for cop vs gambler James Lin Carl Joshua Quines Espen Slettnes mentor: Jesse

Throttling numbers for cop vs gambler James Lin Carl Joshua Quines Espen Slettnes mentor: Jesse Geneson May 1920, 2018 MIT PRIMES Conference J. Lin, C. J. Quines, E. Slettnes Throttling numbers for cop vs gambler 1 / 21 Cop vs robber

255 views • 21 slides
Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why

Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why

Detecting Product Review Spammers using Rating Behaviors Itay Dressler What is Spam? Why should you care? How to detect Spam? 2 What is Spam? What is Spam? All forms of malicious manipulation of user generated data so as to

943 views • 56 slides
TSLP Throttling Automatic Vectorization: When Less is More Vasileios Porpodas and Timothy M.

TSLP Throttling Automatic Vectorization: When Less is More Vasileios Porpodas and Timothy M.

TSLP Throttling Automatic Vectorization: When Less is More Vasileios Porpodas and Timothy M. Jones University of Cambridge LLVM Developers Meeting 2015 www.cl.cam.ac.uk/ vp331/ slide 1 of 16 Why SIMD Vectorization? Scalar Reg. File

1.55k views • 112 slides
Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood

Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood

Seminar: Future Of Web Search University of Saarland Web Spam Know Your Neighbors: Web Spam Detection using the Web Topology Presenter: Sadia Masood Tutor : Klaus Berberich Date : 17-Jan-2008 The Agenda Focus of the First Paper

1.22k views • 53 slides
spam, ham and other food or how to distribute spam to 100k email addresses Who am I? Debian

spam, ham and other food or how to distribute spam to 100k email addresses Who am I? Debian

spam, ham and other food or how to distribute spam to 100k email addresses Who am I? Debian Developer since 2003 Listmaster Alioth Admin Maintainer of packages like iproute, icinga, nagios and a lot of other useless stu ff

219 views • 20 slides
MetaCAPTCHA: A Metamorphic Throttling Service for the Web Akshay Dua, Thai Bui, Tien Le, Nhan

MetaCAPTCHA: A Metamorphic Throttling Service for the Web Akshay Dua, Thai Bui, Tien Le, Nhan

Introduction System Architecture Evaluations References MetaCAPTCHA: A Metamorphic Throttling Service for the Web Akshay Dua, Thai Bui, Tien Le, Nhan Huynh, Wu-chang Feng { akshay, buithai, letien, nhhuyng, wuchang } @cs.pdx.edu Portland

913 views • 57 slides
Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee

Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee

Machine Learning in Spam Filtering A Crash Course in ML Konstantin Tretyakov kt@ut.ee Institute of Computer Science, University of Tartu Overview Spam is Evil ML for Spam Filtering: General Idea, Problems. Some Algorithms Nave Bayesian

391 views • 35 slides
Shaping the Future (Future shaping us) A Montfortian Synthesis (MONTFORTIAN TERCENTENARY:

Shaping the Future (Future shaping us) A Montfortian Synthesis (MONTFORTIAN TERCENTENARY:

Shaping the Future (Future shaping us) A Montfortian Synthesis (MONTFORTIAN TERCENTENARY: Honouring the Past, Treasuring the Present, Shaping the Future) Introduction: My concern in this paper is to speak about Montfortians shaping the future

497 views • 14 slides
F- 35A Lightning II Australias Next Generation Air Combat Aircraft UNCLASSIFIED New Air

F- 35A Lightning II Australias Next Generation Air Combat Aircraft UNCLASSIFIED New Air

F- 35A Lightning II Australias Next Generation Air Combat Aircraft UNCLASSIFIED New Air Combat Capability Australian Business Defence Industry Unit Lunch Air Vice-Marshal Kym Osley Program Manager New Air Combat Capability February

439 views • 26 slides
x 2 &gt; b w T x &gt; 0 SPAM!! x ( x , 1) w 3 x 3 w T x + b ( w , b ) T ( x , 1)

x 2 &gt; b w T x &gt; 0 SPAM!! x ( x , 1) w 3 x 3 w T x + b ( w , b ) T ( x , 1)

A neuron (or how our brains work) Linear models Subhransu Maji CMPSCI 670: Computer Vision November 3, 2016 Neuroscience 101 CMPSCI 670 Subhransu Maji (UMASS) 2 Perceptron Example: Spam Input are feature values Imagine 3 features (spam

682 views • 8 slides
Spam Filtering with Naive Bayes Classifier Yuriy Arabskyy June 6, 2017 Table of contents What

Spam Filtering with Naive Bayes Classifier Yuriy Arabskyy June 6, 2017 Table of contents What

Spam Filtering with Naive Bayes Classifier Yuriy Arabskyy June 6, 2017 Table of contents What is spam? Different spam types Anti-Spam Techniques Probability theory basics Conditional probability Bayes Theorem Naive Bayes Theorem Spam

1.04k views • 27 slides
Spam-URL Detection via Redirects Heeyoung Kwon Mirza Basim Baig Leman Akoglu Era of Spam Era

Spam-URL Detection via Redirects Heeyoung Kwon Mirza Basim Baig Leman Akoglu Era of Spam Era

A Domain-Agnostic Approach to Spam-URL Detection via Redirects Heeyoung Kwon Mirza Basim Baig Leman Akoglu Era of Spam Era of Spams [1] [1] Social Media Spamming Grew By 658% Between 2013 And 2014: Entertainment, Financial And News

241 views • 20 slides
Year 11 Core GCSE Support 2017 'Shaping Futures' 'Shaping Futures' Three way Partnership

Year 11 Core GCSE Support 2017 'Shaping Futures' 'Shaping Futures' Three way Partnership

Year 11 Core GCSE Support 2017 'Shaping Futures' 'Shaping Futures' Three way Partnership Student School Family 'Shaping Futures' How to approach your exams like an Olympian 'Shaping Futures' 'Shaping Futures' How to approach your

914 views • 60 slides

More recommend