Can DNS Blacklists keep up with Bots
This is a short paper by Anirudh Ramachandran, David Dagon and Nick Feamster of the College of Computing at the Georgia Institute of Technology. This paper tries to conduct an evaluation of the effectiveness and responsiveness of DNS blacklists, in blocking spam.
According to the authors, DNSBL was an effective method when spammers were less agile. However, these days with the use of automated botnets for sending spam, spam is being sent from a much larger number of IP addresses and each host is relatively transient in nature. This transience requires that the blacklists be highly responsive in nature.
The paper goes on to explain an experiment and then provides a report on the preliminary tests. They conclude that, over 60% of the lookups were looked up by just one domain and around 10% of bots generate lookups from a large number of distince domains and only 5% out of them are blacklisted.
According to the authors, DNSBL was an effective method when spammers were less agile. However, these days with the use of automated botnets for sending spam, spam is being sent from a much larger number of IP addresses and each host is relatively transient in nature. This transience requires that the blacklists be highly responsive in nature.
The paper goes on to explain an experiment and then provides a report on the preliminary tests. They conclude that, over 60% of the lookups were looked up by just one domain and around 10% of bots generate lookups from a large number of distince domains and only 5% out of them are blacklisted.
posted by Ankur Bhamri at 4:50 PM
0 Comments:
Post a Comment
<< Home