Slicing Spam with Occam’s Razor. Chris Fleizach, Geoffrey M. Voelker, Stefan Savage, University of California, San Diego. Conference on Email and Anti-Spam (CEAS’07), Aug. 3rd, 2007.

Presentation transcript:

1 Aug. 3rd, 2007, Conference on Email and Anti-Spam (CEAS’07)
Slicing Spam with Occam’s Razor
Chris Fleizach, Geoffrey M. Voelker, Stefan Savage
University of California, San Diego
Section: Introduction

2 Motivation
We all know spam is a blight on the Internet
– Billions of spam messages sent every day
– Millions of PCs have been harvested, sold and employed to send spam
Many existing anti-spam techniques: Why another one?
– Existing solutions are complex and/or don’t impose a burden on spammers
– There are billions of messages still being sent by many bots
Occam is an authentication protocol that is:
– Simple to deploy and administer
– Forces senders to expose online resources
– Designed to decrease the utility of spam bots

3 Occam’s Goals
Mail authentication aims to verify that the purported sender is the actual sender
Eliminates the ability to spoof a domain in an email message
We have studied authentication from the simplest angle possible:
– Asking the sender.
For this reason, we refer to the protocol as the Occam protocol
Section: Occam’s Razor

4 The Occam Protocol
Servers can keep logs for some time after they have been contacted in case of a failure on the other end
If a receiver does not get a response immediately, they can back off and rate limit, continuing to try to contact the server until a timeout
Section: The Occam Protocol
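
The receiver's retry loop from this slide, together with a sender-side log keyed by the Message-Id and To fields the deck mentions later, sketched as an added example (it is not the authors' Sendmail prototype). The deck gives no wire format, so the query is a callable standing in for a connection to the MX of the purported sender domain; all names, the retention period, the doubling backoff and the three outcomes are assumptions.

```python
import time


class SenderLog:
    """Sender side (assumed design): remember what this server really sent."""

    def __init__(self, retention_s=3600.0, clock=time.monotonic):
        self.retention_s = retention_s   # how long log entries stay valid
        self.clock = clock
        self._sent = {}                  # (Message-Id, To) -> time recorded

    def record(self, message_id, rcpt):
        self._sent[(message_id, rcpt)] = self.clock()

    def confirm(self, message_id, rcpt):
        """Answer a receiver's query: did we send this message to rcpt?"""
        ts = self._sent.get((message_id, rcpt))
        return ts is not None and self.clock() - ts <= self.retention_s


def verify(query, message_id, rcpt, timeout_s=60.0, first_delay_s=1.0,
           clock=time.monotonic, sleep=time.sleep):
    """Receiver side: ask the purported sender, backing off until a timeout.

    query(message_id, rcpt) returns True or False, or raises ConnectionError
    when the sender's server does not answer. Returns "accept", "reject",
    or "unverified" when no answer arrived before the timeout.
    """
    deadline = clock() + timeout_s
    delay = first_delay_s
    while True:
        try:
            return "accept" if query(message_id, rcpt) else "reject"
        except ConnectionError:
            # No response: wait longer each time, but never past the deadline.
            if clock() + delay > deadline:
                return "unverified"
            sleep(delay)
            delay *= 2


if __name__ == "__main__":
    # Constructed sample: one legitimate message and one forged Message-Id.
    log = SenderLog()
    log.record("<1@example.org>", "bob@example.net")
    print(verify(log.confirm, "<1@example.org>", "bob@example.net"))
    print(verify(log.confirm, "<forged@example.org>", "bob@example.net"))
```

What to do with an "unverified" message is a local policy decision that the slides do not specify.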

5 Advantages
Ease of Administration
– DKIM and SPF require administrators to insert keys into DNS
– Easy for knowledgeable admins, hard for many small domain owners
– Occam is just a software upgrade
Section: Slicing Spam

6 Advantages
Enhanced culpability
– Occam authenticates the sender of a message much like SPF and DKIM
– However, DKIM requires an expensive cryptographic operation on the receiving side
  Occam forces the burden of authentication onto the sender of the message
– A spammer can easily insert an SPF rule that allows all IP addresses to send
  Occam makes it harder to use a botnet to send spam

7 Advantages
Real-time Validation
– SPF and DKIM allow for caching of authentication data
– Result is that senders need not be online while being authenticated
– Occam requires that the authentication “work” be performed online and in a timely fashion
– The spammer is forced to expose higher value, online resources, which can then be blacklisted

8 Advantages
Anti-phishing Capabilities
– An unexpected side-effect of Occam is that if any spammer tries to spoof a domain, the actual server has a method to determine who was being phished
– The ability to notify customers being phished or take other actions can be a boon to popular phishing targets

9 The Spammer Response
Put the bots to work
– Spammers could try to use their bots to respond to the Occam protocol, but…
– Occam uses the MX record, meaning bots
  – Must have an existing domain name with an MX record
  – Or be assigned a domain name or sub-domain
– Bots must also be able to respond to incoming queries on low ports
Result:
– Bots (and possibly botnet structure) are exposed, leading to blacklisting
– Occam ensures using bots to send spam is difficult

10 The Spammer Response
Centralization
– Spammers could try to centralize the Occam reply, rather than distributing load
– Spammers must keep track of Message-Ids and To fields
– Need a server that can handle millions of queries
– Exposes this higher value server to blacklisting
– Spam campaign can be derailed if only one domain was used

11 The Spammer Response
Using Occam as a DDoS Reflector
– Internet miscreants could use Occam to cause other domains to surreptitiously DoS a server.
– However, Occam does not enable DDoS amplification
– Indeed, the Occam protocol is a low-overhead protocol, meaning other DDoS methods would be significantly more effective and attractive

12 Disadvantages
Mobile Mailers
– Some users send mail from hosts intermittently connected to the Internet and allow other servers to handle incoming mail
– Occam would effectively end this practice.
– However, we believe this flexibility in SMTP is abused more by spammers than used by legitimate mailers

13 Implementation
We have developed a prototype implementation integrated with Sendmail.
Initial testing shows similar overhead to SPF (effectively very little)
Larger sites would roll their own solution
– Naive solution: Centralize logging systems
– A better solution: Use the domain name of the sending server in the Occam header.
– Allow the sending servers to respond to queries.
– No centralization needed.
Section: Implementation

14 Questions and Answers
Section: Conclusion