Using Traffic Shaping to Combat Spam David Cawley, Senior Engineer December 12th, 2007.


Overview
1. Evolution of & Spam
2. Spamonomics
3. SMTP Multiplexing
4. Traffic Shaping
5. Asynchronous IO
6. Passive OS Fingerprinting

The Dawn of
MIT shared mainframe
1971 symbol
1976 Queen of England sends an
IETF RFC821/
Lotus Notes released (35k copies sold)
1996 Microsoft Internet Mail
IETF RFC2821/2822

Attempts to secure...
SMTP is inherently insecure
SMTP-Auth/TLS
SPF
Sender-ID
Why it didn't stop spam

The Evolution of Spam
1978 The first spam
1988 Usenet cross-posting
1993 “spam” coined as a name
1997 Open Relays abused
2000 Birth of Nigerian spam
2001 Formail exploit
2003 Sobig virus sends spam

The Evolution of Spam
2003 CAN-SPAM Act
2004 Bill Gates prediction & botnets
2005 Image spam, ASCII art
2006 Animated images, flash, pdf
2007 mp3, excel, p2p botnets

The escalating spam problem
Source: spamnation.info/stats
The good old days.

Spammer Economics
0.02% people click and buy [source: NY Times]
Average filter effectiveness is 90%
– 1/10 of spam messages get through
Improve effectiveness to 95%
– 1/20 of spam messages get through
Spammer Solution?
– Double spam volume
– Same profit

Traditional Filtering
MD5's, Fuzzy Signatures, Bayesian Header Regex, RBL's, URL Lists, Grey Listing
Problems
– Obfuscation Techniques
– Formats – html, image, pdf, doc, xls, ole, mp3..
– Zombies, Botnets

SMTP Multiplexing
Transparent SMTP Proxy
Connection Pooling
Insulates the MTA
Avoids delay of legitimate mail
High Concurrency
– Up to 10,000 simultaneous connections


Traffic Shaping
What can we do?
Provide a Quality of Service
Reputation Network
Throttle unknown senders
Fast track legitimate senders
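
The throttle/fast-track split listed on this slide can be sketched as a per-sender token bucket keyed on reputation. This is an added example, not code from the presentation or from TrafficControl; the class names, rates, the `Shaper` and `simulate` helpers, and the documentation-range IP addresses are all assumptions.

```python
from dataclasses import dataclass

# Assumed policy: (bytes per second, burst bytes) per reputation class.
# The numbers are illustrative, not taken from the slides.
POLICY = {
    "trusted": (None, None),   # fast track: never delayed
    "unknown": (2_000, 4_000),
    "bad": (200, 400),
}

@dataclass
class Bucket:
    rate: float
    tokens: float
    stamp: float

class Shaper:
    def __init__(self, reputation):
        # ip -> class; stands in for a reputation network lookup
        self.reputation = reputation
        self.buckets = {}

    def delay_for(self, ip, nbytes, now):
        """Seconds the proxy should hold nbytes from ip before relaying."""
        rate, burst = POLICY[self.reputation.get(ip, "unknown")]
        if rate is None:
            return 0.0
        b = self.buckets.setdefault(ip, Bucket(rate, burst, now))
        # Refill for elapsed time, capped at the burst size, then charge.
        b.tokens = min(burst, b.tokens + (now - b.stamp) * rate)
        b.stamp = now
        b.tokens -= nbytes
        # A negative balance is debt the sender must wait out.
        return 0.0 if b.tokens >= 0 else -b.tokens / rate

def simulate(shaper, ip, msg_size, count, window):
    """Messages relayed within `window` seconds when ip sends flat out."""
    now, delivered = 0.0, 0
    for _ in range(count):
        now += shaper.delay_for(ip, msg_size, now)
        if now > window:
            break
        delivered += 1
    return delivered

# Constructed sample senders (RFC 5737 documentation addresses).
SAMPLE_REPUTATION = {"192.0.2.10": "trusted", "203.0.113.7": "bad"}
```

With 2,000-byte messages and a 60-second window, the trusted sender relays all 100 queued messages, the unlisted sender 62, and the bad sender 6.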


Does Sendmail Throttle?
ratecontrol
ConnectionRateThrottle
conncontrol

Asynchronous IO
Non-Blocking front end
Blocking Back-end
Event driven Finite State Machine
Management of Resources

Passive OS Fingerprinting
1. Look at IP packet data
2. Determine the Operating System
3. Decision to Throttle

OS Comparison

Conclusions
1. Spamming is driven by economics
2. Botnet operators need to make money
3. Slowing down spam makes it go away

Nick Shelness, Former CTO, Lotus: “I am able to report that I have been running an instance of TrafficControl in my own network for four months, and that it has reduced the volume of spam hitting my boundary MTAs on most days by approximately 95%.”