
1 RedIRIS Reputation Block List, September 2008

2 RedIRIS and mail services
At the beginning, RedIRIS was directly involved in providing e-mail services to affiliated institutions.
However, several years ago it stopped providing those services (including webmail).
- End of life cycle within the NREN: commodity services provided by the institutions and the market
RedIRIS has kept working on issues related to e-mail, but mostly trying to improve its quality and to fight against spam.
- RACE (audit of university mail configuration, coordinated by RedIRIS and done by peers)
- Promotion of security policies (e.g., SPF, DKIM, BATV)
- Whitelists, spamtraps
- These initiatives were well received, but it was necessary to take them further to have a real impact
- Ideas obtained from TF-LCPM (spam filtering services offered by SURFnet and UNINETT, and presented at TF-LCPM meetings)

3 Spam evolution
Stages compared: Spam 1.0, Spam 2.0, Spam 3.0
- What's being sent: unsolicited advertising: massive distribution of services (Viagra, loans, sex etc.); worms/virus; massive distribution ++ plus economic fraud; images, pdf etc.; convergence spam/worms-virus
- Email addresses: simple methods; massive harvesting of e-mail addresses; dictionary attacks; e-mail addresses bought and sold
- How: open relay; vulnerabilities: cgi, php, open proxies, sockets; open proxies, botnets
- Solutions: basic content filter; DNSbl; Bayesian, multilingual content filters; evolution of DNSbl zombies; adaptation of content filters; new evolution of DNSbl to target zombies; spamtraps

4 Zombies
Some data about zombies (botnets) *
- New bots per day: 500
- Number of bots at any time: 6-8 millions
- Average lifetime of bots: 2-3 hours
- Number of bots in some attacks: 10.000-200.000
- Number of messages sent by botnet: 80 millions/hour
- 85% of spam is sent from zombies
* Data: "Email Threats Trend Report", October 2007, Commtouch
[Diagram labels: Less spam; Block SMTP zombies; Warnings about IP zombies; Zombies are main origin of spam; Identification of zombies]

5 Criteria for a reputation system
Goals and their description:
- Effectiveness: reduce spam 70-90%
- False positives: as few as possible, and easy to solve if any
- Scalability: easy to adapt to new needs
- Simple: easy usage and configuration
- Compatible with users' policies: users decide what is spam and what to do with it
- Resilience: any service problem shall not affect users' email services
- Support: technology known by system administrators
- Open: complementary with RedIRIS projects such as whitelists, spamtraps
- Report: detection of suspicious IPs
- Cost: 24/7?

6 Reputation scheme
[Diagram: IRISRBL, anti-spam service of the academic network]
- Zombie sends spam to the university (SMTP)
- Zombie sends spam to RedIRIS spamtraps (SMTP)
- University: DNS query with the IP (DNS: medium, hard). Is the IP in the zone?
- RedIRIS whitelist: exclusion
- External sources: CBL, SORBS, Spamhaus, Sophos (rsync)
- Updates in real time
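The lookup flow on this slide, as an added example (not RedIRIS code): the receiving mail server reverses the client IP, appends the zone name and asks DNS, while the zone itself is built from spamtrap hits plus external feeds minus the whitelist. The zone name `hard.rbl.example`, the sample addresses, the in-memory resolver and the fail-open choice on timeout (one way to meet the resilience criterion on slide 5) are assumptions.

```python
import ipaddress

ZONE = "hard.rbl.example"  # hypothetical zone name (assumption, not the real zone)
LISTED = "127.0.0.2"       # conventional DNSBL "listed" answer (RFC 5782)

def query_name(ip, zone=ZONE):
    """DNSBL owner name: reversed IPv4 octets or IPv6 nibbles, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone

def build_zone(spamtrap_hits, external_feeds, whitelist):
    """Merge spamtrap and external listings, then apply whitelist exclusion."""
    names = {query_name(ip) for feed in (spamtrap_hits, *external_feeds) for ip in feed}
    names -= {query_name(ip) for ip in whitelist}
    return {name: LISTED for name in names}

def make_resolver(zone_data, available=True):
    """Offline stand-in for the DNS server: A record, or None for NXDOMAIN."""
    def resolve(name):
        if not available:
            raise TimeoutError("DNSBL server unreachable")
        return zone_data.get(name)
    return resolve

def smtp_decision(resolve, client_ip):
    """Decision the receiving MTA takes for a connecting client IP."""
    try:
        answer = resolve(query_name(client_ip))
    except TimeoutError:
        return "accept"  # fail open: a list outage must not stop mail
    return "reject" if answer == LISTED else "accept"

# Constructed sample data (documentation address ranges, not real listings)
SPAMTRAP_HITS = ["192.0.2.10", "2001:db8::1"]
EXTERNAL_FEEDS = [["198.51.100.7", "203.0.113.25"], ["192.0.2.10"]]
WHITELIST = ["203.0.113.25"]  # a known-good mail server wrongly present in a feed
ZONE_DATA = build_zone(SPAMTRAP_HITS, EXTERNAL_FEEDS, WHITELIST)

if __name__ == "__main__":
    resolve = make_resolver(ZONE_DATA)
    for ip in ["192.0.2.10", "203.0.113.25", "198.51.100.99", "2001:db8::1"]:
        print(ip, query_name(ip), smtp_decision(resolve, ip))
```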

7 Service Model
- Need to integrate several sources
- RedIRIS internal sources such as spamtraps are statistically very effective, but they cover a very limited part of the zone
- It is necessary to add external databases
Model and sources:
- Maximum: Spamhaus + Habeas + Sophos + TrendMicro (very effective +)
- Intermediate: Spamhaus (80-90%)
- Minimum: CBL + DUL + spamcop + … (75-80%)

8 Trial
- University of Zaragoza
Model: detection; % spam detected; % spam undetected
- Spamcop: 145196; 63,96%; 34,73%
- soft.rediris: 151094; 66,56%; 32,13%
- Spamhaus: 157528; 69,39%; 28,3%
- hard.rediris: 186178; 82,01%; 16,8%

9 Survey (1)
We did a survey to collect information about the use of RBLs in RedIRIS institutions.

10 Survey (2)
Answers from 65 institutions:
- 74% use RBLs
- 80% block
- 82% are willing to use RedIRISRBL
- 84% use a whitelist
- 78% have an SPF record

11 What next
Service on trial using RKS developed with Sandvine
- 50 institutions trying it
- 15 million queries per day
- Positive feedback
Need to increase the information in the system: collective purchase of licences from commercial providers?
First stage to gain confidence from users, and then upgrade the service?
Evaluation towards a new model of service similar to those of SURFnet and NORDUnet

12 Thanks for your attention!

