How Dynamic are IP Addresses

Yinglian Xie, Fang Yu, Kannan Achan, Eliot Gillum, Moisés Goldszmidt, and Ted Wobber

Abstract

This paper introduces a novel algorithm, UDmap, to identify dy-namically assigned IP addresses and analyze their dynamics pat-tern. UDmap is fully automatic, and relies only on application-level server logs. We applied UDmap to a month-long Hotmail user-login trace and identified a significant number of dynamic IP addresses-more than 102 million. This suggests that the fraction of IP addresses that are dynamic is by no means negligible. Using this information in combination with a three-month Hotmail email server log, we were able to establish that 95.6% of mail servers setup on the dynamic IP addresses in our trace sent out solely spam emails. Moreover, these mail servers sent out a large amount of spam-amounting to 42.2% of all spam emails received by Hot-mail. These results highlight the importance of being able to accu-rately identify dynamic IP addresses for spam filtering. We expect similar benefits to arise for phishing site identification and botnet detection. To our knowledge, this is the first successful attempt to automatically

identify and understand IP dynamics.

Details

Publication typeInproceedings
Published inProceedings of the ACM SIGCOMM Conference
URLhttp://doi.acm.org/10.1145/1282380.1282415
AddressKyoto, Japan
PublisherAssociation for Computing Machinery, Inc.
> Publications > How Dynamic are IP Addresses