
Final Lab - Spam Group 10: Scott Durr Stephen Thompson.


1 Final Lab - Spam. Group 10: Scott Durr, Stephen Thompson

2 Outline
– Introduction
– Set up
– Obtaining Email Addresses
– Sending Mass Emails
– Filtering & Stopping Spam

3 Introduction
– Almost 90% of email is now considered spam! (Messaging Anti-Abuse Working Group Report #6, Oct 2007)
– Huge drain on resources
– Strains the infrastructure
– Distracts/annoys us all
– Major delivery mechanism for malware!

4 The Costs
– The State of California estimates that spam cost the state's economy $1.2 billion in 2003, and that the entire US suffered a $10 billion loss in that same year. (http://www.spamlaws.com/state/ca.shtml)
– That was in 2003…

5 Our Set Up
Servers:
– Host Machine: 57.35.6.131
– RedHat 7.2 Machine: 57.35.6.132
Clients:
– WinXP: 57.35.6.133
– WinXP2: 57.35.6.134

6 Major Software Packages
– Apache2 Web Server
– Sendmail Email Server w/ SpamAssassin (included on lab installs of RedHat 7.2 and RedHat WS 4.0)
– Qpopper (POP3 server)
– PINE
– Outlook Express (included with WinXP)
– Evolution (included with RedHat)
– Spam software: Atomic Email Hunter & Atomic Email Sender

7 Two Email Servers
– Set up with slightly different rules for comparison.
– Were NOT able to SMTP between the Sendmail servers: Sendmail, as installed, finds other mail servers through DNS (MX lookups), and no DNS server was running in the lab.
  – We didn't want to tackle the additional setup.
  – We could accomplish what we wanted without it.

8 Obtaining Email Addresses
Many different methods, but we focus on:
– Email address spider
– Anonymous FTP trick
– Verification of email addresses at the server

9 Email Address Spiders
– Crawl the web and copy anything that looks like an email address.
– Implemented a basic one with wget and grep, using a regular expression:
  wget -r -O lotsofhtml.txt http://localhost/
  egrep -hoi '[[:alnum:]._-]+@[[:alnum:].-]+\.[a-zA-Z]{2,3}' lotsofhtml.txt
  (wget -r together with -O concatenates every page it fetches into the one file; egrep -o prints only the matching text, -h drops the file name, -i ignores case.)
– That regex is: [[:alnum:]._-]+@[[:alnum:].-]+\.[a-zA-Z]{2,3}
  – Inside a POSIX bracket expression a backslash is a literal character, so the original \. \- \_ escapes add nothing; [[:alnum:]._-] is the same set. The {2,3} limit on the top-level domain also truncates four-letter TLDs such as .info to three letters.
– Example
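The same spider idea in Python, added here as a worked example (it is not the group's wget/grep one). SAMPLE_HTML stands in for the pages wget would have saved; every address and domain in it is made up. It runs the slide's regex and a looser one over the same input so the {2,3} truncation is visible.

```python
"""Minimal e-mail address spider, added example (not the group's lab code)."""
import re
from html import unescape

# The slide's regex with the POSIX [[:alnum:]] class spelled out for Python.
# The TLD is limited to 2-3 letters, which was already too narrow in 2007.
SLIDE_RE = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,3}")
# Looser variant: any TLD of two or more letters, plus % and + in the local part.
LOOSE_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample input: what a crawl of a small site might have saved.
SAMPLE_HTML = """
<p>Contact <a href="mailto:sdurr@lab.example.com">Scott</a> or
Stephen.Thompson@lab.example.com (SDurr@lab.example.com also works).</p>
<p>Webmaster: webmaster@example.info</p>
<p>Entity-encoded on purpose: info&#64;lab&#46;example&#46;com</p>
<p>Not addresses: user@localhost, 5@10%</p>
"""


def harvest(html, pattern=LOOSE_RE):
    """Return the distinct addresses in html, lower-cased, in order of first appearance."""
    text = unescape(html)   # turn &#64; back into @ so entity-hidden addresses are caught
    seen, found = set(), []
    for match in pattern.finditer(text):
        addr = match.group(0).lower()   # SDurr@ and sdurr@ are the same mailbox
        if addr not in seen:
            seen.add(addr)
            found.append(addr)
    return found


if __name__ == "__main__":
    print("slide regex:", harvest(SAMPLE_HTML, SLIDE_RE))
    print("loose regex:", harvest(SAMPLE_HTML))
```

Run it and compare the two lists: the slide's regex returns webmaster@example.inf, a useless address, where the looser one returns webmaster@example.info. Decoding entities before matching is the one-line difference between a spider that the &#64; trick fools and one it does not.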

10 "Atomic Email Hunter"
– Commercial Windows program that implements an email address spider.
– Tested on the same dummy websites as our homemade one.
– Has a lot more features.


12 Anonymous FTP
– A throwback from the days of old: anonymous FTP logins ask for an email address as the password!
– Set up your web page to load images via FTP instead of HTTP and some browsers will cough up an email address.
– Tested on Mozilla and IE: they give dummy addresses.

13 Verifying Email Addresses
– Why is this important?
  – A "good" email list will minimize bounces and other alerts that might catch the spammer.
  – Allows for a 'guess and test' method of email address discovery.
– VRFY and EXPN
  – Ask the server if an address is good (VRFY)
  – Ask the server about an alias/list (EXPN)
  – Disable these!

14 Verifying Email Addresses
– During the SMTP exchange you pass a "TO" address (RCPT TO) to the server. Its reply tells you whether the address is good: 250 if the mailbox is accepted, 550 if the user is unknown (unless the server is configured to accept every recipient and bounce later).
– Email headers implemented by many clients:
  – Return-Receipt-To:
  – X-Confirm-Reading-To:
  – Make sure you disable these as defaults in Outlook and others!
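The VRFY, EXPN and RCPT TO checks from the two slides above, shown from both sides of the connection as an added example (not the group's lab code). FakeMTA is a stand-in mail server whose reply codes follow Sendmail's conventions; lab.example.com, probe.example.com, the mailbox names and the "staff" alias are all made up for the demo.

```python
"""SMTP address-verification exchange: fake MTA plus probing client (added example)."""
import contextlib
import smtplib
import socketserver
import threading

DEFAULT_USERS = frozenset({"sdurr", "sthompson"})   # assumed local mailboxes


class FakeMTA(socketserver.StreamRequestHandler):
    """Just enough SMTP to answer EHLO, MAIL, RCPT, VRFY, EXPN, RSET and QUIT."""

    def reply(self, text):
        self.wfile.write(text.encode() + b"\r\n")

    def handle(self):
        srv = self.server
        self.reply("220 lab.example.com ESMTP")
        while True:
            line = self.rfile.readline()
            if not line:                       # client went away
                return
            cmd, _, arg = line.decode(errors="replace").strip().partition(" ")
            cmd, arg = cmd.upper(), arg.strip()
            if cmd in ("HELO", "EHLO"):
                self.reply("250 lab.example.com")
            elif cmd in ("VRFY", "EXPN") and not srv.vrfy_expn:
                # What Sendmail answers once PrivacyOptions=novrfy,noexpn (or goaway) is set
                self.reply("252 2.5.2 Cannot %s user; try RCPT to attempt delivery" % cmd)
            elif cmd == "VRFY":
                if arg.split("@")[0] in srv.users:
                    self.reply("250 2.1.5 <%s>" % arg)
                else:
                    self.reply("550 5.1.1 %s... User unknown" % arg)
            elif cmd == "EXPN":
                members = srv.aliases.get(arg.split("@")[0], [])
                if not members:
                    self.reply("550 5.1.1 %s... User unknown" % arg)
                for i, member in enumerate(members):      # multi-line 250 reply
                    self.reply("250%s<%s>" % ("-" if i < len(members) - 1 else " ", member))
            elif cmd == "MAIL":
                self.reply("250 2.1.0 Sender ok")
            elif cmd == "RCPT":
                addr = arg.split(":", 1)[-1].strip("<> ")
                if addr.split("@")[0] in srv.users:
                    self.reply("250 2.1.5 Recipient ok")
                else:
                    self.reply("550 5.1.1 <%s>... User unknown" % addr)
            elif cmd == "RSET":
                self.reply("250 2.0.0 Reset state")
            elif cmd == "QUIT":
                self.reply("221 2.0.0 closing connection")
                return
            else:
                self.reply("502 5.5.1 Command unrecognized")


@contextlib.contextmanager
def fake_mta(users=DEFAULT_USERS, aliases=None, vrfy_expn=True):
    """Run FakeMTA on an ephemeral loopback port; yields the port number."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), FakeMTA)
    server.daemon_threads = True
    server.users, server.aliases, server.vrfy_expn = users, aliases or {}, vrfy_expn
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        yield server.server_address[1]
    finally:
        server.shutdown()
        server.server_close()


def probe(addresses, vrfy_expn=True):
    """The spammer's check: VRFY each address, then RCPT TO it, in one session.
    Returns {address: (vrfy_code, rcpt_code)}."""
    results = {}
    with fake_mta(vrfy_expn=vrfy_expn) as port, \
            smtplib.SMTP("127.0.0.1", port, timeout=5) as s:
        s.ehlo("probe.example.com")
        s.mail("nobody@probe.example.com")     # a sender is required before RCPT
        for addr in addresses:
            vcode, _ = s.verify(addr)
            rcode, _ = s.rcpt(addr)
            results[addr] = (vcode, rcode)
    return results


def expand(alias, aliases, vrfy_expn=True):
    """EXPN an alias; returns (code, member addresses the server revealed)."""
    with fake_mta(aliases=aliases, vrfy_expn=vrfy_expn) as port, \
            smtplib.SMTP("127.0.0.1", port, timeout=5) as s:
        code, msg = s.expn(alias)
    members = [m.strip().strip("<>") for m in msg.decode().splitlines()] if code == 250 else []
    return code, members


if __name__ == "__main__":
    targets = ["sdurr@lab.example.com", "nobody@lab.example.com"]
    print("VRFY/EXPN on :", probe(targets))
    print("VRFY/EXPN off:", probe(targets, vrfy_expn=False))
    print("EXPN staff   :", expand("staff", {"staff": ["sdurr@lab.example.com",
                                                       "sthompson@lab.example.com"]}))
```

Note what turning VRFY/EXPN off does and does not buy you: the 252 reply hides the user list, but RCPT TO still answers 250 or 550 per address because the server has to decide whether to accept mail. That is why a server that rejects unknown users at RCPT time stays probe-able; the practical mitigation for that is throttling connections that try many bad recipients (Sendmail's confBAD_RCPT_THROTTLE), not another privacy flag.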

15 Defeating those Email Spiders
Two choices:
– Hide your email address
– Actively counter spiders

16 Hide your email address
– Use a script to return an email address instead of putting the address in the page source.
– ECE does this for their faculty!
– Great example, courtesy of Mr. Tim Williams at U. Arizona: http://www.u.arizona.edu/~trw/spam/spam4.htm
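Two ways of keeping an address out of the HTML a spider sees, added here as a worked example (this is neither the ECE pages' nor Tim Williams's script). Each result is checked against the slide's own regex, first as the wget/grep spider would apply it and then as a smarter spider that decodes HTML entities would; sdurr@lab.example.com is a made-up address.

```python
"""Hiding an address from spiders: entity encoding versus script assembly (added example)."""
import re
from html import unescape

# The regex from the spider slide, in Python syntax.
SPIDER_RE = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,3}")


def entity_encode(text):
    """Write every character as a decimal HTML entity: browsers render it normally,
    but the page source contains no literal '@' for a regex to find."""
    return "".join("&#%d;" % ord(c) for c in text)


def mailto_entity(addr, label=None):
    """A mailto link with the address entity-encoded in both href and link text."""
    enc = entity_encode(addr)
    return '<a href="mailto:%s">%s</a>' % (enc, enc if label is None else label)


def mailto_script(addr, label="e-mail me"):
    """The slide's approach: a script assembles user + '@' + host in the browser,
    so no user@host string ever appears in the page source. ASCII input assumed."""
    user, host = addr.split("@")
    return ('<script type="text/javascript">\n'
            "var u = '%s', h = '%s';\n"
            "document.write('<a href=\"mailto:' + u + '@' + h + '\">%s</a>');\n"
            "</script>" % (user, host, label))


def leaks_to_spider(html, decode_entities=False):
    """True if the slide's grep-style spider would find an address in html.
    decode_entities=True models a smarter spider that unescapes &#64; first."""
    text = unescape(html) if decode_entities else html
    return SPIDER_RE.search(text) is not None


if __name__ == "__main__":
    for name, page in [("plain", '<a href="mailto:sdurr@lab.example.com">Scott</a>'),
                       ("entity", mailto_entity("sdurr@lab.example.com")),
                       ("script", mailto_script("sdurr@lab.example.com"))]:
        print("%-6s grep-style: %-5s entity-aware: %s" % (
            name, leaks_to_spider(page), leaks_to_spider(page, decode_entities=True)))
```

Entity encoding only beats spiders that never decode entities, which is one line of work to fix on the spider side. The script version beats both, at the price that a visitor without JavaScript sees no address at all; pages that need a fallback usually put a human-readable form ("sdurr at lab dot example dot com") inside a noscript element.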

17 WPoison
– Available at http://www.monkeys.com/wpoison/
– Actively thwarts spiders by generating random pages with more links and email addresses.
– Each link leads right back to WPoison!
  – Run the spider in a circle, filling it with garbage.
  – We have a video
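A WPoison-style trap in miniature, added as a worked example (this is not WPoison's own code). Every page carries made-up addresses and links that lead back into the trap, and a naive harvester that follows the links is simulated to show that it never leaves and collects only garbage. The script path /cgi-bin/poison and the word lengths are arbitrary choices; seeding each page from its URL is a design choice of this example, not something WPoison is known to do.

```python
"""Spider trap: random pages whose links all point back at the trap (added example)."""
import random
import string
import zlib

TRAP_PATH = "/cgi-bin/poison"                      # assumed location of the trap script
TLDS = ("com", "net", "org", "edu", "info")


def _word(rng, lo, hi):
    return "".join(rng.choice(string.ascii_lowercase) for _ in range(rng.randint(lo, hi)))


def poison_page(requested_path, n_addrs=20, n_links=10):
    """Build the trap page for one URL. Seeded from the path so the same URL always
    returns the same page (a revisiting spider sees nothing suspicious).
    Returns (html, fake_addresses, trap_links)."""
    rng = random.Random(zlib.crc32(requested_path.encode()))
    addrs = ["%s@%s.%s" % (_word(rng, 4, 10), _word(rng, 5, 12), rng.choice(TLDS))
             for _ in range(n_addrs)]
    links = ["%s/%s.html" % (TRAP_PATH, _word(rng, 6, 10)) for _ in range(n_links)]
    parts = ["<html><body><h1>%s</h1>" % _word(rng, 5, 9).title()]
    parts += ['<p>Contact <a href="mailto:%s">%s</a></p>' % (a, a) for a in addrs]
    parts += ['<p><a href="%s">%s</a></p>' % (l, _word(rng, 4, 8)) for l in links]
    parts.append("</body></html>")
    return "\n".join(parts) + "\n", addrs, links


def simulate_spider(start=TRAP_PATH + "/", max_pages=50):
    """Follow links the way a naive harvester does and report what it got.
    Returns (pages_fetched, addresses_collected, escaped_trap)."""
    queue, seen, harvested = [start], set(), []
    while queue and len(seen) < max_pages:
        url = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        _, addrs, links = poison_page(url)          # "fetch" the page
        harvested.extend(addrs)
        queue.extend(l for l in links if l not in seen)
    escaped = any(not u.startswith(TRAP_PATH) for u in seen | set(queue))
    return len(seen), harvested, escaped


if __name__ == "__main__":
    pages, harvested, escaped = simulate_spider(max_pages=25)
    print("pages fetched: %d, garbage addresses: %d, left the trap: %s"
          % (pages, len(harvested), escaped))
```

Two cautions before putting something like this on a real site: keep the trap out of the paths well-behaved crawlers index (a robots.txt entry of "User-agent: *" / "Disallow: /cgi-bin/poison"; a harvester ignores robots.txt, a search engine honours it), and link to it from real pages only through a link humans will not click, such as one hidden by CSS. The made-up addresses should also use domains you control or reserved ones, or the spam you divert lands on someone else.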

18 WPoison Movie

19 Sending Mass Emails
Methods:
1. Use your own (school/ISP) SMTP server
   – You will probably get caught and shut down!
2. Use another, third-party SMTP server
   – You will probably be blocked from relaying
3. Connect directly to the recipient's server
   – This takes some work, and you might get blacklisted
4. Do any of the above via a botnet
   – Even when a bot gets caught and blocked, the spammer is not: the rest keep sending

20 Our Simulations
Servers:
– Host Machine: 57.35.6.131
– RedHat 7.2 Machine: 57.35.6.132
Clients:
– WinXP: 57.35.6.133
– WinXP2: 57.35.6.134
Recipient domain: fictional yahoo.com
Scenarios run on this setup:
– Method #1: Use your own SMTP server
– Method #2: Use a third-party SMTP server
– Method #3: Connect directly to the victim's SMTP server
– Method #4: Bot net

21 Mass Email Countermeasures
– Limit who can send on your server
  – Only users on the domain can RELAY
  – Use a blacklist to refuse connections from known spammers
– Filter messages as they come in
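What those two countermeasures look like in a Sendmail configuration, as an added sendmail.mc fragment (not the group's lab configuration). The 57.35.6 network is the lab's from slide 5, zen.spamhaus.org is used because the SpamAssassin slide names Spamhaus, and spammer.example is a made-up domain; the open-relay line is shown only so the weak setting is recognisable next to the corrected one.

```m4
dnl Weak setting: an open relay. Anyone on the Internet can send through this host.
dnl   FEATURE(`promiscuous_relay')dnl
dnl
dnl Corrected: relay only for what /etc/mail/access allows, reject listed senders.
FEATURE(`access_db')dnl
FEATURE(`blacklist_recipients')dnl
dnl Refuse connections from hosts listed by a DNS blacklist (Spamhaus here).
FEATURE(`dnsbl', `zen.spamhaus.org', `"550 Mail from " $&{client_addr} " refused by zen.spamhaus.org"')dnl
dnl Turn off VRFY, EXPN and the other status queries from the verification slides.
define(`confPRIVACY_FLAGS', `goaway')dnl
```

The matching /etc/mail/access would read, one entry per line, "57.35.6 RELAY", "localhost RELAY" and "spammer.example REJECT" (the first two allow relaying from the lab network only; the third refuses mail from that sender domain). After editing, rebuild the map with makemap hash /etc/mail/access < /etc/mail/access, regenerate sendmail.cf with m4 sendmail.mc > sendmail.cf, and restart sendmail. Check the result from an outside address with a manual SMTP session: MAIL FROM an external sender and RCPT TO an external recipient must get a 550 relaying denied reply, not 250.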


23 SpamAssassin
– Open source & extremely common
– Very complex
  – Lots of rules
  – Uses scores to determine what is spam
  – Has learning capabilities
– Can connect to services to receive rules and blacklists (e.g. www.spamhaus.org)
– More info at: http://spamassassin.apache.org

24 SpamAssassin in the Lab
– We walk through the setup of some basic rules.
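The kind of basic rule set such a walk-through produces, as an added example of a local.cf (not the group's actual lab file). The LAB_ rule names, their scores, lab.example.com and spammer.example are all made up; the directives themselves are SpamAssassin's.

```conf
# /etc/mail/spamassassin/local.cf  (added example, not the lab's file)

# Total score at which a message is marked spam, and how it is marked.
required_score      5.0
rewrite_header      Subject *****SPAM*****
# 0 = tag the original message instead of wrapping it in a report.
report_safe         0

# Bayesian learning: on, and auto-learn from messages that score clearly ham or spam.
use_bayes           1
bayes_auto_learn    1
# Keep DNS blacklist lookups (Spamhaus and others) enabled.
skip_rbl_checks     0

# Site rules. Names must be unique; their scores add to the built-in rules' scores.
header   LAB_SUBJ_FREE   Subject =~ /\bfree\b/i
describe LAB_SUBJ_FREE   Subject line offers something "free"
score    LAB_SUBJ_FREE   1.5

body     LAB_CLICK_HERE  /click here/i
describe LAB_CLICK_HERE  Body contains "click here"
score    LAB_CLICK_HERE  1.0

uri      LAB_URI_RAW_IP  /https?:\/\/\d+\.\d+\.\d+\.\d+/i
describe LAB_URI_RAW_IP  Link points at a bare IP address instead of a host name
score    LAB_URI_RAW_IP  2.0

# Trust the lab's own senders only when the Received chain agrees.
# (plain whitelist_from trusts the From: header, which spammers forge freely)
whitelist_from_rcvd *@lab.example.com  lab.example.com
blacklist_from      *@spammer.example
```

Check the file with spamassassin --lint before restarting anything, then feed a saved message through spamassassin -t < message.txt to see which rules fired and the total score. For an end-to-end test without real spam, send a message whose body contains the GTUBE string XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X; SpamAssassin scores it 1000 by design, so it must arrive tagged.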


26 Your Last Line of Defense… the email client
– Web-based email clients can rapidly aggregate feedback and build more responsive filters.
– Gmail, Yahoo, Hotmail, etc.

27 In the Lab Summary
– Set up servers
– Harvest emails
  – Email address spiders: wget/grep & Atomic
  – FTP method
– Experiment with address verification
– Send mass emails through each scenario
  – Use manual connection and Atomic Email Sender
– Implement some countermeasures
  – RELAY limitations
  – WPoison
  – Hide email addresses
– Install, set up, and test SpamAssassin

28 Questions?

