SPAM. Problem Description  Develop a tool to send email with phony SMTP headers to simulate SPAM.  Latest initiatives to reduce SPAM.

1 SPAM

2 Problem Description
- Develop a tool to send email with phony SMTP headers to simulate SPAM.
- Latest initiatives to reduce SPAM

3 Email Protocols
- Simple Mail Transfer Protocol (SMTP) – Transfers mail reliably and efficiently. Used to send email between two SMTP servers (mail transfer agents).
- Post Office Protocol (POP) or Internet Message Access Protocol (IMAP) – Retrieves mail from SMTP servers to the email client (mail user agent).

4 Email Flow
- Delivery is initiated by transferring the message to an SMTP server.
- Based on the domain of the recipient, the SMTP server queries a DNS server for the name of the destination SMTP server.
- If the recipient account exists on the destination server, the email is transferred.
- If the destination server cannot be contacted, the mail is transferred to an intermediate relay server, which transfers it to the destination or to other relays.
[Figure: email flow diagram. Labels: Email Client; Local Mail Transfer Agent (Sendmail, MS Exchange); DNS server; SMTP; Internet; Mail Relay Servers (Sendmail, MS Exchange); Remote Mail Transfer Agent (Sendmail, MS Exchange); POP/IMAP; Mail Client.]

5 Differences : IMAP/POP

6 SMTP Protocol
- Simple ASCII protocol (a protocol that transmits only ASCII characters and uses ASCII control codes; it demands little, if any, error checking). The SMTP service runs on port 25.
- No authentication to send email, only to retrieve (POP).

7 Run SMTP via telnet

Client | Server
Initiates connection (“telnet cs.sjsu.edu 25”); no login/password required | Greeting - 220 eniac.cs.sjsu.edu ESMTP Sendmail 8.12.10/8
HELO request; waits for response and quits if the server refuses | Returns status code and text
MAIL FROM request | Returns status code, 250 for success, 500 for failure
RCPT TO request | Returns status code
DATA request | Returns status code
QUIT request | Disconnects

8 Program
- Implementation of the SMTP protocol. Uses socket communication.
- No login/password. cs.sjsu.edu as server.

9 Program Output
- The From, To and originating PC name fields are received correctly.
- The IP address of the PC is still visible. Hiding the IP involves manipulating data at the network layer instead of the application layer. Sendmail daemons (UNIX) have been used to forge IPs. No conclusive evidence was found on checking the source code.

10 Hide IP in SMTP headers
- An open relay (insecure relay/third-party relay) is an SMTP email server that allows third-party relay of email messages (it processes email that is neither for nor from a local user). The unaware owner donates network and computer resources to the sender's purpose. So, cs.sjsu.edu was used as an open relay in the previous example.
- A blind relay is a relay that hides (modifies) the IP address of the sender and relays the message to the destination.

11 Scenarios to Hide IP
- Spammer buys “service” from a Blind Relay service provider to “relay” his emails.
- Spammer sends bulk emails via ISP server to the Blind Relay Host.
- Blind Relay Host forges SMTP headers, modifying the IP addresses/hostnames of the spammer and his ISP.
- Blind Relay forwards the emails to the destination or to the next relay host. The destination host thinks that the emails originated from an “untraceable” server. The relay host server claims it has been “spammed”.
[Figure: Spammer, ISP/Firewall, Internet, Blind Relay, Destination Host.]
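Added example, not part of the original presentation: slides 9 to 11 note that the sender's IP stays visible in the headers unless a relay rewrites them. The sketch below shows the receiving side's view, splitting a message's Received chain into the one peer address recorded by the site's own MTA and the hops beneath it, which a relay or sender can write freely. The message, the host names (mx.example.org and the others) and the addresses are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample. Each MTA prepends its own Received line, so the top one
# is the newest. The bottom line is a forgery claiming our MTA wrote it.
SAMPLE = """\
Received: from relay.example.net (relay.example.net [203.0.113.7])
\tby mx.example.org (Postfix) with ESMTP id 4F1A2; Mon, 1 Mar 2004 10:00:05 -0800
Received: from pc42.example.com (pc42.example.com [198.51.100.23])
\tby relay.example.net with SMTP id abc; Mon, 1 Mar 2004 10:00:01 -0800
Received: from mail.bank.example (mail.bank.example [192.0.2.1])
\tby mx.example.org with SMTP; Mon, 1 Mar 2004 09:59:00 -0800
From: "Support" <support@bank.example>
To: user@example.org
Subject: constructed test message

body
"""

HOP = re.compile(r"from\s+(\S+)\s+\([^\[)]*\[([0-9A-Fa-f.:]+)\]\).*?\bby\s+(\S+)", re.S)

def parse_hops(raw):
    """Return Received hops, newest first, as dicts of HELO name, peer IP, writer."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        # An unparseable line still counts as a hop, so it breaks the trusted chain.
        helo, ip, by = m.groups() if m else (None, None, "")
        hops.append({"helo": helo, "ip": ip, "by": by.lower()})
    return hops

def trusted_boundary(raw, trusted_mtas):
    """Split hops into the peer IP our own MTAs recorded and everything below it."""
    boundary_ip, unverified = None, []
    for hop in parse_hops(raw):
        # Only an unbroken run of lines written by our own MTAs is trustworthy.
        if hop["by"] in trusted_mtas and not unverified:
            boundary_ip = hop["ip"]
        else:
            unverified.append(hop["ip"])
    return boundary_ip, unverified

if __name__ == "__main__":
    ip, rest = trusted_boundary(SAMPLE, {"mx.example.org"})
    print("connecting peer recorded by our MTA:", ip)
    print("unverifiable hops below it:", rest)
```

Reputation and blocklist decisions belong on the boundary address only; the forged bottom line naming mx.example.org is rejected because it sits below a hop the site did not write.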

12 How to reduce SPAM?
- Filters – Text based
- Turing Tests – CAPTCHA (Visual/Audio)
- Sender Pays – The Penny Black Project

13 Penny Black Project
- The Penny Black stamp reformed the British postal system in the 1830s. Before this, postage was paid by the addressee and calculated for each letter. After the Penny Black, the cost of postage shifted to the sender.

14 Computational Spam Fight
- "If I don't know you, and you want to send me unsolicited mail, then you must prove to me that you have expended 10 secs, just for me and just for this message." Suppose the effort is measured in CPU cycles. With 80,000 secs/day and 10 secs/msg, a spammer is restricted to 8,000 msgs/server/day. More investment in servers is required to generate current traffic (the biggest spammers send 250 mil/day).
- User Experience:
  o Automatically and in the background
  o Checking the proof is extremely easy

15 Economics
- (80,000 s/day) / (10 s/message) = 8,000 msgs/day
- Hotmail’s billion daily spams:
  o 125,000 CPUs
  o Up-front capital cost just for HM: circa $150,000,000
- The spammers can’t afford it.
- Sites like Amazon are unaffected, as it will add a fraction of a penny to the total cost per order.
- Circa 300 people total; the very top few spammers make a few million/year (F. Krueger, SMN; also, see the recent articles about Alan Ralsky)
- Comparison: FastClick, with 30% of the popunder market, has a profit of $2 mil/yr (income of $4 mil/yr)

16 Cryptographic Puzzles
- Hard to compute: f(S,R,t,nonce) is lots of work for the sender
- Easy to check: “z = f(S,R,t,nonce)” is little work for the receiver
- Parameterized to scale with Moore's Law: easy to exponentially increase the computational cost, while barely increasing the checking cost
[Figure: Sender client S sends m, f(S,R,t,nonce) to Recipient client R.]
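Added example, not part of the original presentation and not the Penny Black project's own function: a hashcash-style partial hash search with SHA-256 stands in for f, bound to the slide's (S, R, t, nonce) tuple. The function names, the "|" separator, the 16-bit difficulty and the one-day freshness window are assumptions made for illustration.

```python
import hashlib
import itertools

def puzzle_bits(sender, recipient, t, nonce):
    """Leading zero bits of SHA-256 over the (S, R, t, nonce) tuple."""
    stamp = f"{sender}|{recipient}|{t}|{nonce}".encode()
    digest = hashlib.sha256(stamp).digest()
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def mint(sender, recipient, t, bits):
    """Sender side: about 2**bits hash evaluations on average to find a nonce."""
    for nonce in itertools.count():
        if puzzle_bits(sender, recipient, t, nonce) >= bits:
            return nonce

def verify(sender, recipient, t, nonce, bits, now, max_age=86400, seen=None):
    """Receiver side: a single hash, plus freshness and replay checks."""
    if not 0 <= now - t <= max_age:
        return False                  # stale or future-dated proof
    if puzzle_bits(sender, recipient, t, nonce) < bits:
        return False                  # too little work, or bound to another S/R/t
    if seen is not None:
        key = (sender, recipient, t, nonce)
        if key in seen:
            return False              # same proof presented twice
        seen.add(key)
    return True

if __name__ == "__main__":
    # Constructed addresses and timestamp.
    n = mint("alice@example.com", "bob@example.org", 1000, 16)
    print("nonce:", n)
    print("accepted:", verify("alice@example.com", "bob@example.org", 1000, n, 16, now=1060))
```

Raising `bits` by one doubles the sender's expected work while verification remains one hash, which is the scaling property the slide describes.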

17 Memory Bound Puzzles
- Slow CPUs are a lot slower than the fastest
  o Factor of 10 – 30 within desktops
- Memory latencies vary little
  o Factor of 3
- So: design a puzzle leading to a large number of cache misses
  o Equalizes actual computation time

18 Ticket Server (Ideal Message Flow)
Ticket kit = (#, puzzle)
Ticket = (#, response)
- Tickets may be accumulated in advance (pre-computation).
- Centralization eases updates
[Figure: message flow between Sender, Ticket Server and Recipient Server. Arrow labels: Get Ticket Kit, MSG + Ticket, Ticket OK?; protocols: HTTP, SMTP, HTTP; steps numbered 1 to 5.]

19 Conclusions
- Computational spam-fighting – No money is charged, no challenge-response mechanism, control of mail servers remains as it is now, no infrastructure change - four Stanford students implemented the scheme. Once in place, virtually no maintenance.
- Who chooses f?
  o One global f? Who sets the price?
- How is f distributed (ultimately)?
  o Global f built into all mail clients? ISPs?
- Awkward Introductory Period
  o Old versions of mail programs; bounces
- Very Slow/Small-Memory Machines

20 References
- http://www.faqs.org/rfcs/rfc2821.html
- http://whatis.techtarget.com/definition/0,,sid9_gci782509,00.html
- http://www.codeguru.com/Cpp/I-N/internet/
- http://www.insecure.org/sploits/sendmail.helo.overflow.html
- MSDN Library – Penny Black Project

