Researchers Build TCP-Based Spam Detection
itwbennett writes "In a presentation at the Usenix LISA conference in Boston, researchers from the Naval Academy showed that signal analysis of factors such as timing, packet reordering, congestion and flow control can reveal the work of a spam-spewing botnet. The work 'advanced both the science of spam fighting and ... worked through all the engineering challenges of getting these techniques built into the most popular open-source spam filter,' said MIT computer science research affiliate Steve Bauer, who was not involved with the work. 'So this is both a clever bit of research and genuinely practical contribution to the persistent problem of fighting spam.'"
Re:Please stop (Score:4, Interesting)
This rather assumes that every MTA will have the same threshold. It is not necessary (or helpful) to have a security monoculture.
A very simple first defence against such rate tuning is to randomly vary thresholds substantially between systems and from time to time.
Rgds
Damon
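The threshold randomization suggested in the comment above, sketched as an added example that is not part of the original post or of any spam filter's code. The score scale, `NOMINAL`, `SPREAD`, `EPOCH_SECONDS`, the function names and the per-host secrets are all assumptions made for illustration.

```python
import hashlib
import hmac

NOMINAL = 5.0             # assumed nominal reject threshold (score units)
SPREAD = 0.4              # assumed jitter: thresholds fall in NOMINAL * [0.6, 1.4)
EPOCH_SECONDS = 6 * 3600  # assumed rotation period

def threshold(secret: bytes, now: float) -> float:
    """Reject threshold for one MTA during the epoch containing `now`.

    Derived with HMAC from a per-host secret, so each host gets its own
    value, the value changes every epoch, and outsiders cannot predict it.
    """
    epoch = int(now // EPOCH_SECONDS)
    digest = hmac.new(secret, str(epoch).encode(), hashlib.sha256).digest()
    u = int.from_bytes(digest[:6], "big") / 2**48       # uniform in [0, 1)
    return NOMINAL * (1 - SPREAD + 2 * SPREAD * u)

def accepted_fraction(score: float, thresholds) -> float:
    """Share of thresholds that would let a message with `score` through."""
    thresholds = list(thresholds)
    return sum(score < t for t in thresholds) / len(thresholds)

def compare(score: float, hosts: int = 20, epochs: int = 10):
    """Return (monoculture, randomized) acceptance for a sender tuned to `score`."""
    # Constructed sample secrets; a real deployment would use random per-host keys.
    secrets = [f"constructed-secret-{i}".encode() for i in range(hosts)]
    times = [e * EPOCH_SECONDS for e in range(epochs)]
    mono = accepted_fraction(score, [NOMINAL] * (hosts * epochs))
    rand = accepted_fraction(
        score, (threshold(s, t) for s in secrets for t in times))
    return mono, rand

if __name__ == "__main__":
    mono, rand = compare(4.99)
    print(f"fixed threshold: {mono:.0%} accepted, randomized: {rand:.0%} accepted")
```

A sender tuned to sit just under the shared value passes every host in the monoculture case, but only the hosts whose current threshold happens to be higher once thresholds are jittered.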