
1 Dr. David MacQuigg, President Open-mail.org Registry of Public Email Senders™ –A Secure DNS Database University of Arizona ECE 596c – Cyber Security.




Slide 1: Dr. David MacQuigg, President, Open-mail.org
Registry of Public Email Senders™ – A Secure DNS Database
University of Arizona ECE 596c – Cyber Security, November 2006

Slide 2 (slide footer: July 15, 2015)

Who is a Public Email Sender?
  – A domain-name owner
  – Authorizing an Internet Transmitter
  – To send email to unrelated Receivers

What does the Registry Provide?
  – Authentication Data – Does the sender authorize this transmitter?
  – Reputation Data – How likely are messages authorized by this sender to be spam?
  – A simple, effective whitelisting method that works well with existing anti-spam methods
  – The first non-proprietary database of Public Email Senders

Typical Registry Record
  amazon.com.s-id.net. 86400 IN TXT "opt=df:5 svc=X1:B ip4=207.171.160.0/19,87.238.80.24/29,87.238.84.24/29"

Other Authentication/Reputation Systems
  – Senderbase™, Bonded Sender™, Gossip™, many others
  – Many private systems operated by large ISPs for their own recipients, or by "spam appliance" companies for their own customers

[Diagram; labels: T, R, Trust Boundary, User Agent, Registry DNS Database. Caption: "Fast  Efficient  Secure?"]

Slide 3: (no transcript text)

Slide 4: Registry DNS Architecture & Security Threats

Threat | Area                            | Vulnerability                                  | Solution
-------|---------------------------------|------------------------------------------------|-------------------------------------------------------------------------------
1      | File storage                    | Loss or corruption of data                     | Encrypted backup copies with journaling. Unix system security. Physical security.
2      | Dynamic updates to zone files   | Stolen admin password. IP address spoofing.    | Secure admin's computer & network connection. Use Transaction Signatures (TSIG).
3      | Incremental zone transfers      | IP address spoofing.                           | TSIG with unique key for each connection. Private IP addresses.
4      | Incremental zone transfers      | IP address spoofing. DoS.                      | TSIG with unique key for each connection. IP addresses in reserve.
5      | Queries from client's DNS server| Cache poisoning. Man in the middle. DoS.       | DNSSEC. IP addresses in reserve.
6      | Queries from client             | Cache poisoning. Man in the middle.            | DNSSEC. Local network security.
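Rows 2 to 4 of the table rest on TSIG: every update or zone transfer carries an HMAC over the message, computed with a secret shared only with that one peer, so an attacker who spoofs the admin's or secondary's IP address still cannot produce an acceptable message. The block below is an added example, not code from the deck or from BIND; it shows the principle in Python with constructed key names and secrets and a simplified input to the MAC (real TSIG serialises the message and the TSIG variables in DNS wire format and, in 2006, defaulted to HMAC-MD5; HMAC-SHA256 is used here). The verification order matters and is the one RFC 2845 requires: key lookup, then MAC, then the time window, so a forger never gets a BADTIME reply for a message it could not sign.

```python
import hmac
import hashlib
import struct

# One shared secret per peer, as the threat table recommends ("TSIG with unique
# key for each connection"). Key names and secrets are constructed for this
# example; real ones come from tsig-keygen / dnssec-keygen.
KEYS = {
    "ns1-xfer": b"constructed-secret-for-ns1",
    "ns2-xfer": b"constructed-secret-for-ns2",
}
FUDGE = 300  # seconds of clock skew tolerated around time_signed (BIND's default)


def _mac_input(message, key_name, time_signed, fudge):
    # The MAC covers the DNS message and the TSIG variables, so neither the
    # update nor its timestamp can be altered without the key. Fixed-width
    # packing keeps the fields unambiguous (the wire format does the same).
    name = key_name.encode()
    return message + struct.pack(">H", len(name)) + name + struct.pack(">QH", time_signed, fudge)


def sign(message, key_name, time_signed):
    """Attach a TSIG-style trailer to an outgoing message."""
    mac = hmac.new(KEYS[key_name],
                   _mac_input(message, key_name, time_signed, FUDGE),
                   hashlib.sha256).digest()
    return {"key_name": key_name, "time_signed": time_signed,
            "fudge": FUDGE, "mac": mac}


def verify(message, trailer, now):
    """Return the TSIG error name a server would give: NOERROR, BADKEY,
    BADSIG or BADTIME. MAC before time, as RFC 2845 requires."""
    key = KEYS.get(trailer["key_name"])
    if key is None:
        return "BADKEY"
    expected = hmac.new(key,
                        _mac_input(message, trailer["key_name"],
                                   trailer["time_signed"], trailer["fudge"]),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, trailer["mac"]):
        return "BADSIG"
    if abs(now - trailer["time_signed"]) > trailer["fudge"]:
        return "BADTIME"
    return "NOERROR"


if __name__ == "__main__":
    update = b"update add test1.s-id.net. 1800 IN TXT Test_Record_48"
    t = sign(update, "ns1-xfer", 1_000_000)
    print(verify(update, t, 1_000_000))                 # accepted
    print(verify(update, t, 1_000_000 + 600))           # same message replayed later: BADTIME
    print(verify(b"update add x.s-id.net. ...", t, 1_000_000))  # altered message: BADSIG
```

The fudge window is the residual weakness: a captured, signed update can be replayed for up to 300 seconds, which is why row 2 also asks for a secure network path for the admin, not just TSIG.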

Slide 5: Testing the Registry

Dynamic Update from Admin

  [root@open-mail dave]# python dnsupdate.py 48
  Outgoing update query:
  ;; ->>HEADER<<- opcode: UPDATE, status: NOERROR, id: 0
  ;; flags: ; ZONE: 0, PREREQ: 0, UPDATE: 0, ADDITIONAL: 0
  ;; UPDATE SECTION:
  test1.s-id.net. 0 ANY ANY
  test1.s-id.net. 1800 IN TXT "Test_Record_48"
  ...

a few seconds later on one of our public servers

  [macquigg@box61 ~]$ dig @ns1.rimuhosting.com txt test1.s-id.net +short
  "Test_Record_48"

Slide 6: Pieces of Python

  # dnsupdate.py DMQ 11/4/06
  import sys
  from subprocess import Popen, PIPE   # stands in for the popen2 module of the original (removed in Python 3)

  # Record to publish. Values reconstructed from the test run on slide 5
  # ("python dnsupdate.py 48" produced test1.s-id.net. 1800 IN TXT "Test_Record_48").
  VARS = {
      'ZONE': 's-id.net',
      'NAME': 'test1',
      'TTL':  1800,
      'TYPE': 'TXT',
      'VAL':  '"Test_Record_%s"' % sys.argv[1],
  }

  # Commands to nsupdate. The TSIG secret appears inline here as it does on the
  # slide; in practice keep it in a key file readable only by the admin and pass
  # it with nsupdate -k, so it is not exposed in scripts, process listings or slides.
  header = '''\
  local 127.0.0.1 953
  server 207.210.221.26
  key updatedns 1M92TYO2dznMK0M2N/q62Q==
  zone %(ZONE)s
  ''' % VARS
  template = '''\
  update delete %(NAME)s.%(ZONE)s
  update add %(NAME)s.%(ZONE)s %(TTL)s %(TYPE)s %(VAL)s
  ''' % VARS
  trailer = '''\
  show
  send
  quit
  '''
  text = header + template + trailer

  # Start an nsupdate client process, feed it the commands on its input pipe and
  # read the "Outgoing update query" dump (from 'show') back from its output pipe.
  proc = Popen(['nsupdate'], stdin=PIPE, stdout=PIPE, universal_newlines=True)
  out, _ = proc.communicate(text)
  print(out)

Slide 7: Other Systems Facing Similar Threats

Root Servers
  – 13 IP addresses, IP multicast
  – TTL = 518400 (6 days)

IP Blacklists (Spamhaus et al.)
  – 30 servers
  – One record per IP, TTL only a few hours

Attacker Motivations
  – Vandalism (script kiddies)
  – Profit (spammers)
  – Tort (anger, revenge, politics, ...)
  – Denial of Service
  – Defamation

Slide 8: Bibliography

A short list of the most useful books and articles on the technology behind the Registry.

Pro DNS and BIND, Ron Aitchison, 2005. – Best book for learning DNS. Excellent examples. Thorough discussion of security.
DNS and BIND, 4th ed., Albitz & Liu, 2001. – The DNS "Bible".
TCP/IP Illustrated, vol. I, The Protocols, W. Richard Stevens, 1994. – Very thorough, yet readable. Good illustrations.

Project Links
  https://www.open-mail.org – Current status of our Authentication and Reputation System
  http://purl.net/macquigg/email – Articles and notes from early development.

Slide 9: (no transcript text)

Slide 10: Precise Terminology

Border MTA – Mail Transfer Agent at the border of an Administrative Domain. If we exclude Open Relays, which are banned by most Receivers, all MTAs, including the Forwarder above, can be associated with either the Sender or the Receiver, and the border is clearly defined.

Administrative Domain – includes all MTAs that have some pre-arrangement to exchange email. An Administrative Domain may include servers using many different domain names. The two uses of "domain" are unrelated.

Sender – poorly defined. Should mean the outgoing Border MTA, but can mean the original sending domain or even an author. Use only when the context is clear or precision doesn't matter.

Receiver – The incoming Border MTA, not including MTAs that are internal to the Receiver's Administrative Domain. Authentication should always be done at the border.

Forwarder – An MTA that relays mail from one MTA to another.

Transmitter – MTA that is the source for the current "hop", and whose IP address appears in the Source field of the IP packets. Can include Senders and Forwarders.

Return Address – The address in the MAIL FROM command, used by the mail system for Delivery Status Notifications (DSNs).

MUA, MSA, MDA – Other types of mail agents: Mail User Agent, Mail Submission Agent, Mail Delivery Agent.

Slide 11: Identities in an Email Session

  $ telnet open-mail.org 25
  220 open-mail.org ESMTP Sendmail 8.13.1/8.13.1; Wed, 30 Aug 2006 07:36:42 -0400
  HELO mailout1.phrednet.com
  250 open-mail.org Hello ip068.subnet71.gci-net.com [216.183.71.68], pleased to meet you
  MAIL FROM:
  250 2.1.0 ... Sender ok
  RCPT TO:
  250 2.1.5 ... Recipient ok
  DATA
  354 Enter mail, end with "." on a line by itself
  From: Dave\r\nTo: Test Recipient\r\nSubject: SPAM SPAM SPAM\r\n\r\nThis is message 1 from our test script.\r\n.\r\n
  250 2.0.0 k7TKIBYb024731 Message accepted for delivery
  QUIT
  221 2.0.0 open-mail.org closing connection

Identities marked in the session:
  RFC 2821 – Helo Name; Envelope Addresses: Return Address, Recipient Addresses
  RFC 2822 – Header Addresses: From Address, Reply-To Address
  Network Owner (of the transmitter IP address)
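Of the identities marked above, only the transmitter IP address is bound to the packets; the HELO name, the envelope addresses and the header addresses are strings the client chooses. The parser below is an added example, not part of the deck, that pulls each identity out of a session log like the one on this slide. The transcript it parses is constructed here from slide 11, with envelope and header addresses (bounces@phrednet.com, test@open-mail.org, dave@example.com, dave@example.net) made up because the original lost them.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed transcript modelled on slide 11; the bracketed addresses are made up.
TRANSCRIPT = """\
220 open-mail.org ESMTP Sendmail 8.13.1/8.13.1; Wed, 30 Aug 2006 07:36:42 -0400
HELO mailout1.phrednet.com
250 open-mail.org Hello ip068.subnet71.gci-net.com [216.183.71.68], pleased to meet you
MAIL FROM:<bounces@phrednet.com>
250 2.1.0 <bounces@phrednet.com>... Sender ok
RCPT TO:<test@open-mail.org>
250 2.1.5 <test@open-mail.org>... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
From: Dave <dave@example.com>
Reply-To: dave@example.net
To: Test Recipient <test@open-mail.org>
Subject: SPAM SPAM SPAM

This is message 1 from our test script.
.
250 2.0.0 k7TKIBYb024731 Message accepted for delivery
QUIT
221 2.0.0 open-mail.org closing connection
"""

SERVER_REPLY = re.compile(r"^\d{3}[ -]")
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def extract_identities(transcript):
    """Return the RFC 2821 identities (HELO name, return address, recipients),
    the RFC 2822 identities (From, Reply-To) and the transmitter IP the
    server reported in its greeting reply."""
    ids = {"helo_name": None, "return_address": None, "recipient_addresses": [],
           "from_address": None, "reply_to_address": None, "transmitter_ip": None}
    in_data, body = False, []
    for line in transcript.splitlines():
        if in_data:
            # Message content runs until the lone "." terminator (RFC 2821 4.1.1.4).
            if line == ".":
                in_data = False
                msg = message_from_string("\n".join(body))
                ids["from_address"] = parseaddr(msg.get("From", ""))[1] or None
                ids["reply_to_address"] = parseaddr(msg.get("Reply-To", ""))[1] or None
            else:
                body.append(line)
            continue
        if SERVER_REPLY.match(line):
            # The server, not the client, reports the peer address it saw on the socket.
            m = BRACKETED_IP.search(line)
            if m and ids["transmitter_ip"] is None:
                ids["transmitter_ip"] = m.group(1)
            if line.startswith("354"):
                in_data = True
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            ids["helo_name"] = arg.strip()
        elif verb == "MAIL" and arg.upper().startswith("FROM:"):
            ids["return_address"] = parseaddr(arg[5:])[1]   # "" for the null sender <>
        elif verb == "RCPT" and arg.upper().startswith("TO:"):
            ids["recipient_addresses"].append(parseaddr(arg[3:])[1])
    return ids


if __name__ == "__main__":
    for name, value in extract_identities(TRANSCRIPT).items():
        print("%-20s %s" % (name, value))
```

Each authentication method on slide 13 ties one of these client-chosen identities to something the client cannot choose: the IP-based methods (SPF on the return-address domain, CSV on the HELO name) tie them to the transmitter IP, DKIM ties the signed header fields, including From, to a key the sending domain published.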

Slide 12: Border Patrol™ MTA

Slide 13: Forgery is the Critical Factor in Email Abuse

Crooks hide their IP addresses by using a forwarder.

Signature-based Authentication (DKIM): Sender provides a Public Key via a secure channel. Messages are signed with the related Private Key. End-to-end protocol works independently of forwarders. Slow but secure.

IP-based Authentication (SPF, SenderID, CSV): Sender provides a list of authorized transmitter addresses. Fast but requires a "chain of trust" with forwarders.
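The Registry record on slide 2 is the IP-based kind of authentication data this slide describes: the sender's domain name, looked up under s-id.net, yields the list of transmitter addresses it authorizes. The block below is an added example, not the Registry's own code, that parses such a record and answers slide 2's authentication question, then shows the forwarder problem from this slide: once a forwarder relays the message, the transmitter IP is the forwarder's and the sender's list no longer applies, so the receiver has to trust the forwarder's own check. The zone contents are constructed (the amazon.com record is the one on slide 2; the phrednet.com record and the forwarder address 198.51.100.7 are made up), the opt and svc fields are carried through uninterpreted because the deck does not define them, and the "forwarded" result is this example's own convention.

```python
import ipaddress

REGISTRY_SUFFIX = "s-id.net."

# Stand-in for DNS: a constructed copy of the registry zone.
ZONE = {
    "amazon.com.s-id.net.":
        "opt=df:5 svc=X1:B ip4=207.171.160.0/19,87.238.80.24/29,87.238.84.24/29",
    "phrednet.com.s-id.net.":            # constructed record
        "opt=df:5 svc=X1:B ip4=216.183.71.64/27",
}


def parse_record(txt):
    """Split a registry TXT record into key=value tokens. Only ip4 is
    interpreted (as CIDR blocks); opt and svc are kept verbatim."""
    fields = {}
    for token in txt.split():
        key, sep, value = token.partition("=")
        if not sep or not key:
            raise ValueError("malformed token %r" % token)
        fields[key] = value
    # strict=True rejects a block with host bits set (e.g. 10.1.2.3/24): that is
    # a mis-edited record, not a wider authorization, and should not be guessed at.
    fields["ip4"] = [ipaddress.IPv4Network(c, strict=True)
                     for c in fields.get("ip4", "").split(",") if c]
    return fields


def lookup(sender_domain):
    """Registry record for a sender domain, or None if it publishes none."""
    name = sender_domain.lower().rstrip(".") + "." + REGISTRY_SUFFIX
    txt = ZONE.get(name)
    return parse_record(txt) if txt is not None else None


def authorizes(sender_domain, transmitter_ip):
    """Slide 2's question: does the sender authorize this transmitter?
    Returns 'none' (no record), 'pass' or 'fail'."""
    record = lookup(sender_domain)
    if record is None:
        return "none"
    ip = ipaddress.IPv4Address(transmitter_ip)
    return "pass" if any(ip in net for net in record["ip4"]) else "fail"


def check_hop(sender_domain, transmitter_ip, trusted_forwarders=()):
    """IP-based check for the current hop. A transmitter that is a forwarder
    the receiver trusts cannot be judged by the sender's list; the receiver
    relies on the forwarder having done the check on the previous hop."""
    if transmitter_ip in trusted_forwarders:
        return "forwarded"
    return authorizes(sender_domain, transmitter_ip)


if __name__ == "__main__":
    # Direct delivery: the transmitter is one the sender listed.
    print(check_hop("phrednet.com", "216.183.71.68"))                  # pass
    # Same mail relayed through a forwarder the receiver knows nothing about.
    print(check_hop("phrednet.com", "198.51.100.7"))                   # fail
    # ... and through one it has agreed to trust: the chain of trust.
    print(check_hop("phrednet.com", "198.51.100.7", ("198.51.100.7",)))  # forwarded
```

A "fail" on a forwarded message is not proof of forgery, which is exactly why the slide calls the IP-based methods fast but dependent on a chain of trust: without an entry for the forwarder, the receiver cannot distinguish an honest relay from a crook hiding behind one.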

