
Page 1: RedIRIS Reputation Block List, September 2008

Page 2: RedIRIS and mail services

At the beginning, RedIRIS was directly involved in providing services to affiliated institutions.
However, several years ago it stopped providing those services (including webmail).
- End of life cycle within the NREN: commodity services are provided by the institutions and the market
RedIRIS has kept working on issues related to e-mail, mostly trying to improve its quality and to fight spam.
- RACE (audit of university mail configuration, coordinated by RedIRIS and carried out by peers)
- Promotion of security policies (e.g., SPF, DKIM, BATV)
- Whitelists, spamtraps
- These initiatives were well received, but they had to be taken further to have a real impact
- Ideas obtained from TF-LCPM (spam filtering services offered by SURFnet and UNINETT, and presented at TF-LCPM meetings)

Page 3: Spam evolution

Table columns: Spam 1.0, Spam 2.0, Spam 3.0. Each row lists its entries from left to right.
- What's being sent: Unsolicited advertising. Massive distribution of services: Viagra, loans, sex, etc. Worms/viruses. Massive distribution ++ plus economic fraud. Images, PDF, etc. Convergence of spam and worms/viruses.
- Addresses: Simple methods. Massive harvesting of addresses. Dictionary attacks. Addresses bought and sold.
- How: Open relay. Vulnerabilities: CGI, PHP, open proxies, sockets. Open proxies, botnets.
- Solutions: Basic content filter. DNSbl. Bayesian, multilingual content filters. Evolution of DNSbl zombies. Adaptation of content filters. New evolution of DNSbl to target zombies. Spamtraps.

Page 4: Zombies

Some data about zombies (botnets) *
- New bots per day: 500
- No. of bots at any time: 6-8 millions
- Average lifetime of bots: 2-3 hours
- No. of bots in some attacks:
- No. of messages sent by botnet: 80 millions/hour
- 85% of spam is sent from zombies

* Data: "Threats Trend Report", October, Commtouch

Other text on the slide: Less spam; Block SMTP zombies; Warnings about IP zombies; Zombies are main origin of spam; Identification of zombies.

Page 5: Criteria for a reputation system

Goal: Description
- Effectiveness: Reduce spam 70-90%
- False positives: As few as possible, and easy to solve if any
- Scalability: Easy to adapt to new needs
- Simple: Easy usage and configuration
- Compatible with users' policies: Users decide what is spam and what to do with it
- Resilience: Any service problem shall not affect users' services
- Support: Technology known by system administrators
- Open: Complements RedIRIS projects such as whitelists and spamtraps
- Report: Detection of suspicious IPs
- Cost: 24/7?

Page 6: Reputation scheme

Diagram labels: RedIRIS whitelist; SMTP zombie; DNS; medium; hard; SMTP; IRISRBL, Anti-Spam Service of the Academic Network; Sends spam to University; University; Sends spam to spamtraps; RedIRIS spamtraps; IP; DNS query: Is IP in the zone?; Updates in real time; exclusion; External sources: CBL, SORBS, Spamhaus, Sophos; rsync.
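
The lookup in this scheme ("DNS query: is IP in the zone?") with the whitelist exclusion, written out as an added example; it is not code from the presentation or from RedIRIS. It assumes the zones are queried with the standard DNSBL convention (RFC 5782); the zone names, function names and sample addresses are placeholders constructed for the example.

```python
import ipaddress

# Placeholder zone names (assumptions, not the service's real zones); the slide
# only labels two listing levels, "medium" and "hard".
ZONES = {"medium": "medium.rbl.example", "hard": "hard.rbl.example"}
LISTED_RANGE = ipaddress.IPv4Network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Build the RFC 5782 query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def is_listed(ip, zone, resolve):
    """True if the zone answers with an A record inside 127.0.0.0/8.

    resolve(name) returns a list of A records, [] for NXDOMAIN, and raises
    OSError when the resolver itself fails. Answers outside 127.0.0.0/8
    (for example from a wildcarding resolver) are not treated as listings.
    """
    answers = resolve(dnsbl_name(ip, zone))
    return any(ipaddress.IPv4Address(a) in LISTED_RANGE for a in answers)

def smtp_decision(ip, whitelist, resolve, level="hard", on_listed="reject"):
    """Decide what the receiving mail server does with a connection from ip."""
    addr = ipaddress.IPv4Address(ip)
    if any(addr in net for net in whitelist):      # whitelist exclusion first
        return "accept"
    try:
        listed = is_listed(ip, ZONES[level], resolve)
    except OSError:
        return "accept"                            # fail open if the list is down
    return on_listed if listed else "accept"       # local policy: reject or tag

# Constructed sample data (documentation address ranges, not real listings).
SAMPLE_WHITELIST = [ipaddress.IPv4Network("198.51.100.0/24")]
SAMPLE_ZONE = {
    "10.2.0.192.hard.rbl.example": ["127.0.0.2"],     # 192.0.2.10, listed
    "7.100.51.198.hard.rbl.example": ["127.0.0.2"],   # listed but whitelisted
    "30.2.0.192.hard.rbl.example": ["203.0.113.9"],   # bogus non-127/8 answer
}

def sample_resolve(name):
    """Stand-in for a DNS A lookup so the example runs offline."""
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.7", "192.0.2.30", "192.0.2.99"):
        print(ip, smtp_decision(ip, SAMPLE_WHITELIST, sample_resolve))
```

Accepting mail when the resolver fails follows the resilience criterion on page 5, and the `on_listed` parameter leaves the choice between rejecting and tagging to each institution.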

Page 7: Service model

- Need to integrate several sources
- RedIRIS internal sources such as spamtraps are statistically very effective, but they cover a very limited part of the zone
- It is necessary to add external databases

Model: Sources
- Maximum: Spamhaus + Habeas + Sophos + TrendMicro. Very effective +
- Intermediate: Spamhaus. 80-90%
- Minimum: CBL + DUL + Spamcop + … 75-80%

Page 8: Trial

- University of Zaragoza

Table columns: Model, Detection, % spam detected, % spam undetected
- Spamcop: ,96% 34,73%
- soft.rediris: ,56% 32,13%
- Spamhaus: ,39% 28,3%
- hard.rediris: ,01% 16,8%

Page 9: Survey (1)

We ran a survey to collect information about the use of RBLs in RedIRIS institutions.

Page 10: Survey (2)

Answers from 65 institutions:
- 74% use RBLs
- 80% block
- 82% willing to use RedIRISRBL
- 84% use a whitelist
- 78% have an SPF record

Page 11: What next

Service on trial using RKS, developed with Sandvine
- 50 institutions trying it
- 15 millions queries per day
- Positive feedback
Need to increase the information in the system: collective purchase of licences from commercial providers?
First stage to gain confidence from users, and then upgrade the service?
Evaluation towards a new model of service similar to those of SURFnet and Nordunet

Page 12: Thanks for your attention!