Investigation of Triangular Spamming: a Stealthy and Efficient Spamming Technique

Zhiyun Qian, Zhuoqing Morley Mao, Yinglian Xie, and Fang Yu

Abstract

Spam is increasingly accepted as a problem

associated with compromised hosts or email accounts. This

problem not only makes the tracking of spam sources difficult

but also enables a massive amount of illegitimate or unwanted

emails to be disseminated quickly. Various attempts have been

made to analyze, backtrack, detect, and prevent spam using

both network as well as content characteristics. However,

relatively less attention has been given to understanding

how spammers actually carry out their spamming activities

from a network angle. Spammers’ network behavior has

significant impact on spammers’ common goal, sending spam

in a stealthy and efficient manner. Our work thoroughly

investigates a fairly unknown spamming technique we name

as triangular spamming that exploits routing irregularities of

spoofed IP packets. It is highly stealthy and efficient in that

triangular spamming enables 1) exploiting bandwidth diversity

of botnet hosts to carry out spam campaigns effectively without

divulging precious high-bandwidth hosts and 2) bypassing the

current SMTP traffic blocking policies. Despite its relative

obscurity, its use has been confirmed by the network operator

community. Through carefully devised probing techniques and

actual deployment of triangular spamming on Planetlab (a

wide-area distributed testbed), we investigate the feasibility,

impact of triangular spamming and propose practical detection

and prevention methods. From our probing experiments,

we found that 97% of the networks which block outbound

SMTP traffic are vulnerable to triangular spamming and only

44% of them are listed on Spamhaus Policy Blocking List

(PBL).

Details

Publication typeInproceedings
Published inIEEE Symposium on Security and Privacy (Oakland) 2010
> Publications > Investigation of Triangular Spamming: a Stealthy and Efficient Spamming Technique