Spam Mail Filter: Implement Spam Mail Filtration inside Linux kernel. Jeff Rupp and Frank Watson.



Introduction

Our original goals:
1. To figure out how User Mode Linux works.
2. To modify the kernel to filter out spam mail and send the appropriate packets to both the receiver and the server.
3. Then to make further modifications to send information packets to the sender to see if the user and the sender existed (a non-existent sender is common for spammers).

Modified proposal: get User Mode Linux (UML) to work and modify the Linux source to change the user name to all x's if the sender is on a spam list.

(Diagram: the sender sends mail to the receiver; the receiver checks to see if the sender exists.)

What is User Mode Linux?

User-Mode Linux is a virtual machine that runs entirely inside a single file on the physical machine. It has Internet and X Window support and allows users to install and test applications on this virtual machine.

Two main advantages of using UML are:
1. If the kernel crashes because of test applications or kernel modifications, the physical machine does not go with it.
2. It has a very handy debugger that allows you to debug the actual Linux kernel.

A good three-fifths of our time on this project was spent trying to get UML to work. This was not a trivial process.

How to install UML

1. Download the 3 main files: the kernel source code, the UML kernel patch, and a root file system.
2. Installation: unpack the kernel, apply the UML patch, and build the "linux" executable from the Linux source.
3. Running UML: execute UML with the following command line (ubd is the UML block device option; the host address after the last comma of the eth0 option did not survive the transcript):
   linux mem=128M ubd0=root_fs_slackware_7.0_big ubd2=swap debug=go eth0=ethertap,tap0,fd:fe:0:0:0:1,
4. Setting up the Internet connection: use the following commands (the IP addresses did not survive the transcript):
   ifconfig eth0
   route del -net dev eth0 netmask
   route add -host dev eth0
   route add default gw

How UML works

UML is composed of two major pieces: a root_fs (a root file system) and a linux executable. The linux executable is the Linux kernel. The kernel information on the root_fs is not used for booting, so it is possible to boot a root_fs (made with Redhat 7.1 and a kernel) with a UML linux executable, which boots the kernel into

Internet access is achieved by using a driver called ethertap. Ethertap is an older driver; it intercepts packets at the Ethernet card and sends them up to the UML code.

Source Code Modifications

The code checks whether the packet is for port 25 by checking sk->num. We then look for two things in the payload: the text "MAIL FROM:" (case insensitive), which sets the flag wasMailfrom, and "RCPT TO:", which sets the flag wasRcpt; both are plain if statements.

(Diagram: IP header, TCP header with the port number read from sk->num, then the payload reached through sk->data.)

Source Code Modifications (cont.)

If either flag is set, a pointer searches the payload to find the start of the name. If the wasMailfrom flag is set, it checks whether the sender is on the spam sender's list. If so, the code waits for the "RCPT TO:" in the packet and replaces the user name in the "RCPT TO:" address with x's. For example: [recipient address] would become [address with the user name replaced by x's], which does not exist.

(Diagram: IP header, TCP header with the port number from sk->num, payload via sk->data; the pointer searches the payload for the user name.)
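A user-space model of the port-25 payload check described on the last two slides, added here as an example and not the authors' kernel patch: it finds "MAIL FROM:" and "RCPT TO:" case-insensitively, keeps the sender flag across packets so the two commands need not share one segment (a generalisation of the slide's per-packet check), and x's out only the user-name part of the recipient so the payload length is unchanged. The spam list, the state struct and every function name are constructed for this example.

```c
#include <ctype.h>
#include <string.h>
/* Constructed spam-sender list; the slides hard-code theirs inside the kernel. */
static const char *spam_list[] = { "spammer@example.com", "bulk@example.net" };
/* Per-connection flag (the slides' wasMailfrom), kept across packets. */
struct smtp_filter_state { int sender_is_spam; };

static int eq_ci(const char *a, const char *b, size_t n)   /* case-insensitive compare */
{
    while (n--) if (tolower((unsigned char)*a++) != tolower((unsigned char)*b++)) return 0;
    return 1;
}

/* Case-insensitive search in a bounded, non-NUL-terminated payload. */
static char *find_ci(char *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; i + n <= len; i++)
        if (eq_ci(buf + i, needle, n)) return buf + i;
    return NULL;
}

/* Address between the <...> following an SMTP command; its length goes to *alen. */
static char *addr_after(char *cmd, char *end, size_t *alen)
{
    char *lt = memchr(cmd, '<', end - cmd);
    char *gt = lt ? memchr(lt, '>', end - lt) : NULL;
    if (!gt) return NULL;
    *alen = (size_t)(gt - lt - 1);
    return lt + 1;
}

/* Scan one port-25 payload. Returns 1 if the RCPT TO user name was x'd out. */
int filter_smtp_payload(struct smtp_filter_state *st, char *payload, size_t len)
{
    char *end = payload + len, *cmd, *addr, *at; size_t alen;
    if ((cmd = find_ci(payload, len, "MAIL FROM:")) && (addr = addr_after(cmd, end, &alen))) {
        st->sender_is_spam = 0;
        for (size_t i = 0; i < sizeof spam_list / sizeof *spam_list; i++)
            if (strlen(spam_list[i]) == alen && eq_ci(addr, spam_list[i], alen)) st->sender_is_spam = 1;
    }
    /* If the peer never sends RCPT TO (the slides' known bug), nothing is rewritten. */
    if (!st->sender_is_spam || !(cmd = find_ci(payload, len, "RCPT TO:")) ||
        !(addr = addr_after(cmd, end, &alen))) return 0;
    at = memchr(addr, '@', alen);                       /* x out only the user name */
    /* Same length, so the segment size is unchanged; a real in-kernel rewrite must still recompute the TCP checksum. */
    memset(addr, 'x', at ? (size_t)(at - addr) : alen);
    return 1;
}
```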

Results

We have a working prototype which catches a spammer and changes the "RCPT TO:" field in the SMTP protocol to an unknown address. Below is a sample of an e-mail returned to the user:

   The following addresses had permanent fatal errors (reason: User unknown)

Known bug: the sender's mail server keeps a cache of the addresses and on occasion does not send a "RCPT TO:" in the payload to see if the user exists. In these situations, the mail does go through and is not modified or blocked.

Conclusion/Future work

Because of time constraints, we only touched the surface of what can be done with routing and manipulating packets at the TCP level. This project is just a simple demonstration of the power and changeability of the Linux kernel to suit a specific need and purpose. In the future, a packet can be sent back that fully responds to the SMTP command of the receiver and sender. The spam list can be inserted through a module as opposed to being hard coded into the kernel (as for this project). This project can be integrated into UCCS' Linux Content Switch and be used as a front end switch, filtering unwanted spam mails before the mails even hit the back end servers.

References

The User Mode Linux web page: http://user-mode-linux.sourceforge.org
An extremely helpful article about setting up UML with a step-by-step example: http://
A comprehensive web page about setting up a Linux kernel from scratch; this web page helped with setting up the networking files: ng.html
An extremely valuable document about the Linux IP networking layer: http://kernelnewbies.org/documents/ipnetworking/linuxipnetworking.html
RFC 821 for the SMTP protocol: http://