Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share
  • icon

"Dark Traffic" Consumes Overwhelming Amount Of E-mail Resources


The volume of illegitimate e-mail, dubbed "dark traffic," and coming largely from spammers, is up dramatically since the first quarter of 2005, a messaging security vendor reported Tuesday.

By Gregg Keizer
TechWeb News
December 14, 2005 09:54 AM

The amount of valid e-mail as a percentage of all incoming traffic has declined sharply since the beginning of the year, a messaging security vendor reported Tuesday, due to a tripling of directory harvest attacks by spammers after addresses.

Illegitimate traffic, dubbed "dark traffic" by Tumbleweed Communications is a nod to astronomy's "dark matter." It is comprised of directory harvest attacks (DHAs), denial-of-service attacks, malformed SMTP packets, and invalid recipient addresses, which now account for 83 percent of all incoming bits. That's up from 64 percent in the previous reporting period, 2005's first quarter.

DHAs are brute force attempts by spammers to find valid e-mail addresses; the spammer connects to business's email server and guesses addresses until he gets some right. Those addresses are then harvested for use in later spam campaigns.

"In our first Dark Traffic Report, we were genuinely surprised at the amount of hidden traffic flowing into the enterprise," said John Thielens, chief technology officer of Tumbleweed, in a statement. "We were again surprised to see such large jumps in directory harvest attacks and denial of service attacks."

DHAs grew by 170 percent since the first quarter, added Thielens, and denial-of-service attacks leapt 300 percent.

According to Tumbleweed's data, DHAs now account for 27 percent of all incoming e-mail traffic, while messages to invalid recipients--the vast bulk of which is due to spamming--account for 43 percent of incoming traffic.

"Enterprises are spending far too much on e-mail infrastructure to handle the 80-plus percent of useless traffic that could be stopped at the network perimeter," said Thielens.

Directory harvest attacks pose a serious threat to network security, Tumbleweed's report noted, since over 40 percent of surveyed enterprises use an employee's e-mail address as his or her log-in user name.

Most passwords can be broken in minutes by dictionary attacks, " the report said. "Once a username is obtained, the hard part is over for the hacker, because poorly chosen passwords are the most common weak link in the security chain. Weak passwords chosen by employees are generally very easy for software to crack in a brute force attack."

The full Dark Traffic report can be downloaded from the Tumbleweed site as a PDF file.


Subscribe to RSS


Advertisement

CAREER CENTER
Ready to take that job and shove it?



TechCareers

SEARCH
Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
10 Search Engines You Don't Know About
Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs
Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More articles from our career center





Subscription Info
Apply for a free 52-week subscription to InformationWeek (a $199 value)

Last Name:

First Name:

Title:

Company Name:

City:

Business Address:

Zip:

State:

Email Address:

NOTE: Offer valid for U.S., U.S. possessions, & Canada only

            

Join economist Chris Cornell and 3 CIOs in an Exclusive Online Exchange for Senior IT Executives: Using IT to Drive Value in a Turbulent Economy. November 5th only.