Addressing SMTP-based Mass-Mailing Activity Within Enterprise Networks.

Size: px
Start display at page:

Download "Addressing SMTP-based Mass-Mailing Activity Within Enterprise Networks."

Transcription

1 Addressing SMTP-based Mass-Mailing Activity Within Enterprise Networks. David Whyte, Paul van Oorschot and Evangelos Kranakis. 22st Annual Computer Security Applications Conference (ACSAC), December Miami, Fl. CSE 544- Advanced System Security Presented by: Mohamed Hassa

2 An Attack Plan Target System Pennstate system (130,000 users ) Expected Results Disable communication between administration offices, organizations, professors and students. Take down or affect some services (psu , listserv, angel) How we will do it: Generate a hit list for the psu domain [a-z][a-z0-9] Size:3369.6x10 6 Time:3 days filter the list to 130,000 using psu directory search find a group of zombie machines (with smtp engine) where we can launch the attack from (not hard to find botnet ) What will we send: spam, phishing, attachment with viruses few hundred messages for each user might take the server down (servers are overloaded) more fun! malformed spam will also take some clients down (outlook, Eudora,..) How can we prevent that?

3 The big problem Internet protocol suite Introduced in early 70 s and standardized in early 80 s Is the basis for the Internet Insecure by definition SYN attacks, IP Spoofing. Connection Hijacking, ICMP attacks, DNS attacks, Application Level vulnerabilities (a lot in http, smtp pop, ) How can we fix it Replace it. Is that possible?!! Unfortunately no Cost (Hardware, software,) Time, lack of coordination So if we cannot replace it we find work around to prevent attacks.

4 Problem definition Internet users receive daily tens even hundreds of s which falls in the category of spam, phisihing, worms and viruses These mass mailing attacks originate from zombie machines without the owner s knowledge Using the interaction between smtp engines and DNS, it is possible to detect malicious mass mailing activity within an enterprise network

5 DNS Records DNS is used to translate domain name to ip address, reverse lookup and lists mail servers for a certain domain Categories of DNS records A : maps hostname to IPv4 address\ AAAA: maps hostname to IPv6 address CNAME: for hostname aliasing MX: maps a domain to a list of mail servers NS: maps a domain to a list of domain servers PTR: maps IPv4 address to hostnam Example: cse.psu.edu psu.edu. 178 IN A

6 Contributions Build a software prototype that identifies mass mailing activities by observing DNS MX requests from a client. Reasons why the system is appealing (what they claim): Speed of detecting attacks Ability to detect zero-day worms Fast response by blocking port 25 of the melecious client Low false positives Ease of deployment

7 Related work Zoe et al. Modeled a mass mailing worm that makes use of users behavior Sidiroglou et al. build a system to detect zero day attacks by analyzing content Gupta et al. use specification based anomaly detection that looks for change in mail traffic. Wong et al. characterize mass mailing activity wrt network traffic traces Musashi et al. a similar work that process DNS logs looking for MX queries associated with PTR queries

8 Methodology How it works? Normal Mail delivery Malicious Mail delivery

9 Methodology Hypothesis MX query behavior from ordinary clients are different then the behavior of malicious client Experiment to prove the hypothesis A university network of 300 users (heterogeneous environment) Monitored all internal and external DNS traffic and MX query activityfor a week Results of the Experiment Only 5 clients made MX query request. One was running SpamAssassin and the second is a mis-configured client and the other 3 are unknown!! (DHCP assigned) Conclusion most clients don t need to perform MX queries (assuming that this network is representative) Any client performing an MX query (not an authoritative mail server nor white listed) is considered malicious ;

10 Solution and results The prototype Results The solution is a linux box placed over the network (probably at the gateway) It detects any client performing an MX query and contain that client by blocking port 25 using iptables. To deal with false positives a threshold can be configured to allow blocking after certain number of MX queries Also a whitelist is added to exempt some clients from the detection mechanism The system was able to prevent contain and prevent a worm aby detecting the first MX query and blocking the client

11 Limitations What Was mentioned Worms can use mail clients rather than smtp-engines. Therefore, they will go undetected because they use normal mail delivery The malicious client could have a predefined list of mail server to send to. Therefore, it will bypass the DNS server. DNS queries are done through remote DNS rather than local DNS (resolv.conf) Not mentioned The whitelited clients are the malicious clients Not all networks uses local DNS or local mail servers It doesn t prevent relaying attacks

12 Conclusion What is good KISS No sophisticated mathematical models or state machines. Just use the basic behavier of the protocol Detecting attacks at the source rather than the destination seems to be a good approach. What is bad Approach The way they proved the hypothesis is lame The network they used is not representative They could have studied more of how different operating systems and applications that requires MX records They only tested that on one worm. Solution Limitations and assumptions makes their solution useless

13 Take Away Observing some trivial behavior of protocols could be a way to detect attacks. Too many limitations and assumption makes the solution less effective Overall, what do you think about the paper?

14 Questions? Thank You

Copyright 2012 http://itfreetraining.com

Copyright 2012 http://itfreetraining.com In order to find resources on the network, computers need a system to look up the location of resources. This video looks at the DNS records that contain information about resources and services on the

More information

Addressing Malicious SMTP-based Mass-Mailing Activity Within an Enterprise Network

Addressing Malicious SMTP-based Mass-Mailing Activity Within an Enterprise Network Addressing Malicious SMTP-based Mass-Mailing Activity Within an Enterprise Network David Whyte P.C. van Oorschot Evangelos Kranakis Abstract Malicious mass-mailing activity on the Internet is a serious

More information

Addressing SMTP-based Mass-Mailing Activity Within Enterprise Networks

Addressing SMTP-based Mass-Mailing Activity Within Enterprise Networks Addressing SMTP-based Mass-Mailing Activity Within Enterprise Networks David Whyte, P. C. van Oorschot, Evangelos Kranakis School of Computer Science Carleton University, Ottawa, Canada dlwhyte, paulv,

More information

Lesson 13: DNS Security. Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division

Lesson 13: DNS Security. Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division Lesson 13: DNS Security Javier Osuna josuna@gmv.com GMV Head of Security and Process Consulting Division Introduction to DNS The DNS enables people to use and surf the Internet, allowing the translation

More information

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT DDoS Protection How Cisco IT Protects Against Distributed Denial of Service Attacks A Cisco on Cisco Case Study: Inside Cisco IT 1 Overview Challenge: Prevent low-bandwidth DDoS attacks coming from a broad

More information

Internet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at

Internet Security [1] VU 184.216. Engin Kirda engin@infosys.tuwien.ac.at Internet Security [1] VU 184.216 Engin Kirda engin@infosys.tuwien.ac.at Christopher Kruegel chris@auto.tuwien.ac.at Administration Challenge 2 deadline is tomorrow 177 correct solutions Challenge 4 will

More information

Use Domain Name System and IP Version 6

Use Domain Name System and IP Version 6 Use Domain Name System and IP Version 6 What You Will Learn The introduction of IP Version 6 (IPv6) into an enterprise environment requires some changes both in the provisioned Domain Name System (DNS)

More information

A D M I N I S T R A T O R V 1. 0

A D M I N I S T R A T O R V 1. 0 A D M I N I S T R A T O R F A Q V 1. 0 2011 Fastnet SA, St-Sulpice, Switzerland. All rights reserved. Reproduction in whole or in part in any form of this manual without written permission of Fastnet SA

More information

Guardian Digital Secure Mail Suite Quick Start Guide

Guardian Digital Secure Mail Suite Quick Start Guide Guardian Digital Secure Mail Suite Quick Start Guide Copyright c 2004 Guardian Digital, Inc. Contents 1 Introduction 1 2 Contacting Guardian Digital 2 3 Purpose of This Document 3 3.1 Terminology...............................

More information

www.pandasecurity.com 100% Malware-Free E-mail: A Guaranteed Approach

www.pandasecurity.com 100% Malware-Free E-mail: A Guaranteed Approach 100% Malware-Free E-mail: A Guaranteed Approach 2 100% Malware-Free E-mail: A Guaranteed Approach Panda Security's Mail Filtering Managed Service Guarantees Clean E-mail Table of Contents Table of Contents...

More information

OpenSRS Email Service DNS Configuration Guide

OpenSRS Email Service DNS Configuration Guide OpenSRS Email Service DNS Configuration Guide September 18, 2008 Table of Contents DNS Configuration...3 Types of DNS records...3 Email Exchange (MX) records...3 Canonical Name (CNAME) records...4 Example

More information

DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses.

DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses. Lab Exercise DNS Objective DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses. Step 1: Analyse the supplied DNS Trace Here we examine the supplied trace of a

More information

Mailing Worm Infected Hosts by Mining DNS Traffic Data

Mailing Worm Infected Hosts by Mining DNS Traffic Data Detecting Mass-Mailing Mailing Worm Infected Hosts by Mining DNS Traffic Data Keisuke Ishibashi, Tsuyoshi Toyono, and Katsuyasu Toyama NTT Information Sharing Platform Labs. Masahiro Ishino, Haruhiko Ohshima

More information

Statistical Analysis in Log Files of Electronic-Mail Server and Domain Name System Server. SPAM Mail Generates Many DNS Query Packets

Statistical Analysis in Log Files of Electronic-Mail Server and Domain Name System Server. SPAM Mail Generates Many DNS Query Packets Statistical Analysis in Log Files of Electronic-Mail Server and Domain Name System Server. SPAM Mail Generates Many DNS Query Packets YASUO MUSASHI, RYUICHI MATSUBA, and KENICHI SUGITANI Center for Multimedia

More information

Email Gateways Using MDaemon 6.0

Email Gateways Using MDaemon 6.0 Email Gateways Using MDaemon 6.0 Alt-N Technologies, Ltd 1179 Corporate Drive West, #103 Arlington, TX 76006 Tel: (817) 652-0204 2002 Alt-N Technologies. All rights reserved. Product and company names

More information

CDN SERVICE ICSS ROUTE MANAGED DNS DEUTSCHE TELEKOM AG INTERNATIONAL CARRIER SALES AND SOLUTIONS (ICSS)

CDN SERVICE ICSS ROUTE MANAGED DNS DEUTSCHE TELEKOM AG INTERNATIONAL CARRIER SALES AND SOLUTIONS (ICSS) CDN SERVICE ICSS ROUTE MANAGED DNS DEUTSCHE TELEKOM AG INTERNATIONAL CARRIER SALES AND SOLUTIONS (ICSS) CDN FEATURE ICSS ROUTE ICSS ROUTE IS OUR NEW OFFERING TO HELP YOU MANAGE YOUR DOMAIN NAME SYSTEM

More information

How to Add Domains and DNS Records

How to Add Domains and DNS Records How to Add Domains and DNS Records Configure the Barracuda NextGen X-Series Firewall to be the authoritative DNS server for your domains or subdomains to take advantage of Split DNS or dead link detection.

More information

MailFoundry Users Manual. MailFoundry User Manual Revision: MF2005071100 Copyright 2005, Solinus Inc. All Rights Reserved

MailFoundry Users Manual. MailFoundry User Manual Revision: MF2005071100 Copyright 2005, Solinus Inc. All Rights Reserved MailFoundry User Manual Revision: MF2005071100 Copyright 2005, Solinus Inc. All Rights Reserved Page 1 of 91 Chapter 1: Introduction... 4 What are Spam Profiles?... 4 Models Covered In This Manual... 4

More information

Detecting Mass-Mailing Worm Infected Hosts by Mining DNS Traffic Data

Detecting Mass-Mailing Worm Infected Hosts by Mining DNS Traffic Data Detecting Mass-Mailing Worm Infected Hosts by Mining DNS Traffic Data Keisuke Ishibashi, Tsuyoshi Toyono, and Katsuyasu Toyama NTT Information Sharing Platform Labs., NTT Corporation 3-9-11 Midori-cho,

More information

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper Protecting DNS Critical Infrastructure Solution Overview Radware Attack Mitigation System (AMS) - Whitepaper Table of Contents Introduction...3 DNS DDoS Attacks are Growing and Evolving...3 Challenges

More information

s@lm@n CompTIA Exam N10-006 CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ]

s@lm@n CompTIA Exam N10-006 CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ] s@lm@n CompTIA Exam N10-006 CompTIA Network+ certification Version: 5.1 [ Total Questions: 1146 ] Topic break down Topic No. of Questions Topic 1: Network Architecture 183 Topic 2: Network Operations 149

More information

DDoS Protection Technology White Paper

DDoS Protection Technology White Paper DDoS Protection Technology White Paper Keywords: DDoS attack, DDoS protection, traffic learning, threshold adjustment, detection and protection Abstract: This white paper describes the classification of

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

Firewalls Overview and Best Practices. White Paper

Firewalls Overview and Best Practices. White Paper Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not

More information

MDaemon Vs. Microsoft Exchange Server 2013 Standard

MDaemon Vs. Microsoft Exchange Server 2013 Standard Comparison Guide Vs. The following chart is a side-by-side feature comparison of and. Flex Licensing Maximum Accounts Unlimited Unlimited SMTP, POP3, DomainPOP, and MultiPOP POP3 & SMTP Only SSL / TLS

More information

- Domain Name System -

- Domain Name System - 1 Name Resolution - Domain Name System - Name resolution systems provide the translation between alphanumeric names and numerical addresses, alleviating the need for users and administrators to memorize

More information

GregSowell.com. Mikrotik Security

GregSowell.com. Mikrotik Security Mikrotik Security IP -> Services Disable unused services Set Available From for appropriate hosts Secure protocols are preferred (Winbox/SSH) IP -> Neighbors Disable Discovery Interfaces where not necessary.

More information

DNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. .

DNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. . Computer System Security and Management SMD139 Lecture 5: Domain Name System Peter A. Jonsson DNS Translation of Hostnames to IP addresses Hierarchical distributed database DNS Hierarchy The Root Name

More information

McAfee. Firewall Enterprise. Application Note TrustedSource in McAfee. Firewall Enterprise. version 8.1.0 and earlier

McAfee. Firewall Enterprise. Application Note TrustedSource in McAfee. Firewall Enterprise. version 8.1.0 and earlier Application Note TrustedSource in McAfee Firewall Enterprise McAfee version 8.1.0 and earlier Firewall Enterprise This document uses a question and answer format to explain the TrustedSource reputation

More information

Configuring Your Gateman Email Server

Configuring Your Gateman Email Server Configuring Your Gateman Email Server Your Gateman Lifestyle Server includes an Email Server that provides users access to email via an email client and via your web browser using your laptop and mobile

More information

FAQ (Frequently Asked Questions)

FAQ (Frequently Asked Questions) FAQ (Frequently Asked Questions) Specific Questions about Afilias Managed DNS What is the Afilias DNS network? How long has Afilias been working within the DNS market? What are the names of the Afilias

More information

Security. Help Documentation

Security. Help Documentation Help Documentation This document was auto-created from web content and is subject to change at any time. Copyright (c) 2016 SmarterTools Inc. Security Antivirus Administration SmarterMail is equipped with

More information

Installing and Setting up Microsoft DNS Server

Installing and Setting up Microsoft DNS Server Training Installing and Setting up Microsoft DNS Server Introduction Versions Used Windows Server 2003 Setup Used i. Server Name = martini ii. Credentials: User = Administrator, Password = password iii.

More information

Configuring Security for SMTP Traffic

Configuring Security for SMTP Traffic 4 Configuring Security for SMTP Traffic Securing SMTP traffic Creating a security profile for SMTP traffic Configuring a local traffic SMTP profile Assigning an SMTP security profile to a local traffic

More information

How-to: DNS Enumeration

How-to: DNS Enumeration 25-04-2010 Author: Mohd Izhar Ali Email: johncrackernet@yahoo.com Website: http://johncrackernet.blogspot.com Table of Contents How-to: DNS Enumeration 1: Introduction... 3 2: DNS Enumeration... 4 3: How-to-DNS

More information

Software Engineering 4C03 SPAM

Software Engineering 4C03 SPAM Software Engineering 4C03 SPAM Introduction As the commercialization of the Internet continues, unsolicited bulk email has reached epidemic proportions as more and more marketers turn to bulk email as

More information

Classification of Firewalls and Proxies

Classification of Firewalls and Proxies Classification of Firewalls and Proxies By Dhiraj Bhagchandka Advisor: Mohamed G. Gouda (gouda@cs.utexas.edu) Department of Computer Sciences The University of Texas at Austin Computer Science Research

More information

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006 CSE331: Introduction to Networks and Security Lecture 12 Fall 2006 Announcements Midterm I will be held Friday, Oct. 6th. True/False Multiple Choice Calculation Short answer Short essay Project 2 is on

More information

Intercept Anti-Spam Quick Start Guide

Intercept Anti-Spam Quick Start Guide Intercept Anti-Spam Quick Start Guide Software Version: 6.5.2 Date: 5/24/07 PREFACE...3 PRODUCT DOCUMENTATION...3 CONVENTIONS...3 CONTACTING TECHNICAL SUPPORT...4 COPYRIGHT INFORMATION...4 OVERVIEW...5

More information

English Translation of SecurityGateway for Exchange/SMTP Servers

English Translation of SecurityGateway for Exchange/SMTP Servers Testing: Alt N Technologies SecurityGateway by Sandra Lucifora Administrators spend a considerable amount of their time on the job on eliminating unwanted messages. Viruses, Phishing, and Spoofing pose

More information

Glossary of Technical Terms Related to IPv6

Glossary of Technical Terms Related to IPv6 AAAA Record An AAAA record stores a 128-bit Internet Protocol version 6 (IPv6) address, which does not fit the standard A record format. For example, 2007:0db6:85a3:0000:0000:6a2e:0371:7234 is a valid

More information

Acquia Cloud Edge Protect Powered by CloudFlare

Acquia Cloud Edge Protect Powered by CloudFlare Acquia Cloud Edge Protect Powered by CloudFlare Denial-of-service (DoS) Attacks Are on the Rise and Have Evolved into Complex and Overwhelming Security Challenges TECHNICAL GUIDE TABLE OF CONTENTS Introduction....

More information

Intro to Firewalls. Summary

Intro to Firewalls. Summary Topic 3: Lesson 2 Intro to Firewalls Summary Basic questions What is a firewall? What can a firewall do? What is packet filtering? What is proxying? What is stateful packet filtering? Compare network layer

More information

K7 Mail Security FOR MICROSOFT EXCHANGE SERVERS. v.109

K7 Mail Security FOR MICROSOFT EXCHANGE SERVERS. v.109 K7 Mail Security FOR MICROSOFT EXCHANGE SERVERS v.109 1 The Exchange environment is an important entry point by which a threat or security risk can enter into a network. K7 Mail Security is a complete

More information

Networking for Caribbean Development

Networking for Caribbean Development Networking for Caribbean Development BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n o g. o r g N E T W O R K I N G F O R C A R I B B E A N D E V E L O P M E N T BELIZE NOV 2 NOV 6, 2015 w w w. c a r i b n

More information

CloudFlare advanced DDoS protection

CloudFlare advanced DDoS protection CloudFlare advanced DDoS protection Denial-of-service (DoS) attacks are on the rise and have evolved into complex and overwhelming security challenges. 1 888 99 FLARE enterprise@cloudflare.com www.cloudflare.com

More information

Fasthosts Internet Parallels Plesk 10 Manual

Fasthosts Internet Parallels Plesk 10 Manual Fasthosts Internet Parallels Plesk 10 Manual Introduction... 2 Before you begin... 2 Logging in to the Plesk control panel... 2 Securing access to the Plesk 10 control panel... 3 Configuring your new server...

More information

CipherMail Gateway Quick Setup Guide

CipherMail Gateway Quick Setup Guide CIPHERMAIL EMAIL ENCRYPTION CipherMail Gateway Quick Setup Guide October 10, 2015, Rev: 9537 Copyright 2015, ciphermail.com. CONTENTS CONTENTS Contents 1 Introduction 4 2 Typical setups 4 2.1 Direct delivery............................

More information

Application Firewalls

Application Firewalls Application Moving Up the Stack Advantages Disadvantages Example: Protecting Email Email Threats Inbound Email Different Sublayers Combining Firewall Types Firewalling Email Enforcement Application Distributed

More information

Part 5 DNS Security. SAST01 An Introduction to Information Security 2015-09-21. Martin Hell Department of Electrical and Information Technology

Part 5 DNS Security. SAST01 An Introduction to Information Security 2015-09-21. Martin Hell Department of Electrical and Information Technology SAST01 An Introduction to Information Security Part 5 DNS Security Martin Hell Department of Electrical and Information Technology How DNS works Amplification attacks Cache poisoning attacks DNSSEC 1 2

More information

The Domain Name System

The Domain Name System The Domain Name System Antonio Carzaniga Faculty of Informatics University of Lugano October 9, 2012 2005 2007 Antonio Carzaniga 1 IP addresses and host names Outline DNS architecture DNS process DNS requests/replies

More information

Migration Quick Reference Guide for Administrators

Migration Quick Reference Guide for Administrators Migration Quick Reference Guide for Administrators 10 Easy Steps for Migration Maximize Performance with Easy Settings Changes Communicating with Your Users Reporting Spam Resources Page 1 10 Easy Steps

More information

FortiDDos Size isn t everything

FortiDDos Size isn t everything FortiDDos Size isn t everything Martijn Duijm Director Sales Engineering April - 2015 Copyright Fortinet Inc. All rights reserved. Agenda 1. DDoS In The News 2. Drawing the Demarcation Line - Does One

More information

Mail agents. Introduction to Internet Mail. Message format (2) Authenticating senders

Mail agents. Introduction to Internet Mail. Message format (2) Authenticating senders Mail agents Introduction to Internet Mail Philip Hazel University of Cambridge MUA = Mail User Agent Interacts directly with the end user Pine, MH, Elm, mutt, mail, Eudora, Marcel, Mailstrom, Mulberry,

More information

How to Configure the Windows DNS Server

How to Configure the Windows DNS Server Windows 2003 How to Configure the Windows DNS Server How to Configure the Windows DNS Server Objective This document demonstrates how to configure domains and record on the Windows 2003 DNS Server. Windows

More information

Development of an IPv6 Honeypot

Development of an IPv6 Honeypot Development of an IPv6 Honeypot Klaus Steding-Jessen jessen@cert.br CERT.br Computer Emergency Response Team Brazil NIC.br Network Information Center Brazil CGI.br Brazilian Internet Steering Committee

More information

Firewall, Mail and File server solution

Firewall, Mail and File server solution Firewall, Mail and File server solution Table of Contents Introduction......2 Overview......3 Detailed description....4 Firewall......4 Other services offered by IPCop:......4 Mail and File Server......5

More information

ISP Systems Design. ISP Workshops. Last updated 24 April 2013

ISP Systems Design. ISP Workshops. Last updated 24 April 2013 ISP Systems Design ISP Workshops Last updated 24 April 2013 1 Agenda p DNS Server placement p Mail Server placement p News Server placement p Services network design p Services Network Security 2 ISP Services

More information

ETH Zürich - Mail Filtering Service

ETH Zürich - Mail Filtering Service Eidgenössische Technische Hochschule Zürich Swiss Federal Institute of Technology Zurich Informatikdienste / IT-Services ETH Zürich - Mail Filtering Service (TERENA 2009) 09 Dec 2009 - D. McLaughlin (davidmcl@ethz.ch)

More information

Firewalls and Intrusion Detection

Firewalls and Intrusion Detection Firewalls and Intrusion Detection What is a Firewall? A computer system between the internal network and the rest of the Internet A single computer or a set of computers that cooperate to perform the firewall

More information

Introduction. Friday, June 21, 2002

Introduction. Friday, June 21, 2002 This article is intended to give you a general understanding how ArGoSoft Mail Server Pro, and en Email, in general, works. It does not give you step-by-step instructions; it does not walk you through

More information

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)

E-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY) E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system

More information

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst

Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst INTEGRATED INTELLIGENCE CENTER Technical White Paper William F. Pelgrin, CIS President and CEO Guide to DDoS Attacks December 2014 Authored by: Lee Myers, SOC Analyst This Center for Internet Security

More information

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding? Page 1 of 5 1. Introduction The present document explains about common attack scenarios to computer networks and describes with some examples the following features of the MilsGates: Protection against

More information

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam

JK0 015 CompTIA E2C Security+ (2008 Edition) Exam JK0 015 CompTIA E2C Security+ (2008 Edition) Exam Version 4.1 QUESTION NO: 1 Which of the following devices would be used to gain access to a secure network without affecting network connectivity? A. Router

More information

From Network Security To Content Filtering

From Network Security To Content Filtering Computer Fraud & Security, May 2007 page 1/10 From Network Security To Content Filtering Network security has evolved dramatically in the last few years not only for what concerns the tools at our disposals

More information

Promoting Network Security (A Service Provider Perspective)

Promoting Network Security (A Service Provider Perspective) Promoting Network Security (A Service Provider Perspective) Prevention is the Foundation H S Gupta DGM (Technical) Data Networks, BSNL hsgupta@bsnl.co.in DNW, BSNL 1 Agenda Importance of Network Security

More information

SPAM FILTER Service Data Sheet

SPAM FILTER Service Data Sheet Content 1 Spam detection problem 1.1 What is spam? 1.2 How is spam detected? 2 Infomail 3 EveryCloud Spam Filter features 3.1 Cloud architecture 3.2 Incoming email traffic protection 3.2.1 Mail traffic

More information

Firewalls, IDS and IPS

Firewalls, IDS and IPS Session 9 Firewalls, IDS and IPS Prepared By: Dr. Mohamed Abd-Eldayem Ref.: Corporate Computer and Network Security By: Raymond Panko Basic Firewall Operation 2. Internet Border Firewall 1. Internet (Not

More information

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka

Agenda. Taxonomy of Botnet Threats. Background. Summary. Background. Taxonomy. Trend Micro Inc. Presented by Tushar Ranka Taxonomy of Botnet Threats Trend Micro Inc. Presented by Tushar Ranka Agenda Summary Background Taxonomy Attacking Behavior Command & Control Rallying Mechanisms Communication Protocols Evasion Techniques

More information

MDaemon configuration recommendations for dealing with spam related issues

MDaemon configuration recommendations for dealing with spam related issues Web: Introduction MDaemon configuration recommendations for dealing with spam related issues Without a doubt, our most common support queries these days fall into one of the following groups:- 1. Why did

More information

Firewall Firewall August, 2003

Firewall Firewall August, 2003 Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also

More information

Mac OS X Lion Server

Mac OS X Lion Server ng Mac OS X Lion Server Charles Edge, Jr. O'REILLY Beijing Cambridge Farnham Kbln Sebastopol Tokyo Table of Contents Preface ix 1. Planning 1 The Minimum 1 Server Allocation 2 Service Allocation 2 Choosing

More information

Appendix D: Configuring Firewalls and Network Address Translation

Appendix D: Configuring Firewalls and Network Address Translation Appendix D: Configuring Firewalls and Network Address Translation The configuration information in this appendix will help the network administrator plan and configure the network architecture for Everserve.

More information

eprism Email Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide

eprism Email Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide eprism Email Security Appliance 6.0 Intercept Anti-Spam Quick Start Guide This guide is designed to help the administrator configure the eprism Intercept Anti-Spam engine to provide a strong spam protection

More information

Mail services @ NIKHEF

Mail services @ NIKHEF Mail services @ NIKHEF CT system support Nov 2003 1 CT NIKHEF Outline NIKHEF SMTP mail service Incoming mail (virus, spam, etc) Read mail (imap/pop) Mail clients Nov 2003 2 CT NIKHEF NIKHEF SMTP mail server

More information

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis?

Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? Security Threat Kill Chain What log data would you need to identify an APT and perform forensic analysis? This paper presents a scenario in which an attacker attempts to hack into the internal network

More information

Anti Spam Best Practices

Anti Spam Best Practices 39 Anti Spam Best Practices Anti Spam Engine: Time-Tested Scanning An IceWarp White Paper October 2008 www.icewarp.com 40 Background The proliferation of spam will increase. That is a fact. Secure Computing

More information

Availability Digest. www.availabilitydigest.com. @availabilitydig. Surviving DNS DDoS Attacks November 2013

Availability Digest. www.availabilitydigest.com. @availabilitydig. Surviving DNS DDoS Attacks November 2013 the Availability Digest @availabilitydig Surviving DNS DDoS Attacks November 2013 DDoS attacks are on the rise. A DDoS attack launches a massive amount of traffic to a website to overwhelm it to the point

More information

Firewall Server 7.2. Release Notes. What's New in Firewall Server 7.2

Firewall Server 7.2. Release Notes. What's New in Firewall Server 7.2 Firewall Server 7.2 Release Notes BorderWare Technologies is pleased to announce the release of version 7.2 of the Firewall Server. This release includes the following new features and improvements. What's

More information

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1 SEED Labs Local DNS Attack Lab 1 Local DNS Attack Lab Copyright c 2006 Wenliang Du, Syracuse University. The development of this document was partially funded by the National Science Foundation s Course,

More information

Enhanced Spam Defence

Enhanced Spam Defence Enhanced Spam Defence An approach to making SMTP connect time blocking a reliable method for e-mail filtering By John Jensen, Topsec Technology Ltd. As the spam problem keeps growing and the associated

More information

Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1. Network Security. Canada France Meeting on Security, Dec 06-08

Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1. Network Security. Canada France Meeting on Security, Dec 06-08 Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 1 Network Security Evangelos Kranakis, School of Computer Science, Carleton University, Ottawa 2 Collaboration with Frank Akujobi

More information

IDS / IPS. James E. Thiel S.W.A.T.

IDS / IPS. James E. Thiel S.W.A.T. IDS / IPS An introduction to intrusion detection and intrusion prevention systems James E. Thiel January 14, 2005 S.W.A.T. Drexel University Overview Intrusion Detection Purpose Types Detection Methods

More information

Government of Canada Managed Security Service (GCMSS) Annex A-5: Statement of Work - Antispam

Government of Canada Managed Security Service (GCMSS) Annex A-5: Statement of Work - Antispam Government of Canada Managed Security Service (GCMSS) Date: June 8, 2012 TABLE OF CONTENTS 1 ANTISPAM... 1 1.1 QUALITY OF SERVICE...1 1.2 DETECTION AND RESPONSE...1 1.3 MESSAGE HANDLING...2 1.4 CONFIGURATION...2

More information

PRECISEMAIL ANTI-SPAM GATEWAY AUTHENTICATION CASE STUDIES

PRECISEMAIL ANTI-SPAM GATEWAY AUTHENTICATION CASE STUDIES PRECISEMAIL ANTI-SPAM GATEWAY WHITEPAPER EXECUTIVE SUMMARY The rapid expansion of spam is requiring most sites to implement spam filtering solutions to keep users email boxes from becoming clogged with

More information

DNS Resolving using nslookup

DNS Resolving using nslookup DNS Resolving using nslookup Oliver Hohlfeld & Andre Schröder January 8, 2007 Abstract This report belongs to a talk given at the networking course (Institue Eurecom, France) in January 2007. It is based

More information

Reliable & Secure Email. Professional, Dependable, Complete Easy to Learn, Use and Grow

Reliable & Secure Email. Professional, Dependable, Complete Easy to Learn, Use and Grow Reliable & Secure Email Professional, Dependable, Complete Easy to Learn, Use and Grow About this Presentation Summarizes primary purposes of email, plus the needs of email providers and users. Introduces

More information

Description: Objective: Attending students will learn:

Description: Objective: Attending students will learn: Course: Introduction to Cyber Security Duration: 5 Day Hands-On Lab & Lecture Course Price: $ 3,495.00 Description: In 2014 the world has continued to watch as breach after breach results in millions of

More information

AntiDDoS1000 DDoS Protection Systems

AntiDDoS1000 DDoS Protection Systems AntiDDoS1000 DDoS Protection Systems Background and Challenges With the IT and network evolution, the Distributed Denial of Service (DDoS) attack has already broken away from original hacker behaviors.

More information

Service Overview & Installation Guide

Service Overview & Installation Guide Service Overview & Installation Guide Contents Contents... 2 1.0 Overview... 3 2.0 Simple Setup... 4 3.0 OWA Setup... 5 3.1 Receive Test... 5 3.2 Send Test... 6 4.0 Advanced Setup... 7 4.1 Receive Test

More information

How Cisco IT Protects Against Distributed Denial of Service Attacks

How Cisco IT Protects Against Distributed Denial of Service Attacks How Cisco IT Protects Against Distributed Denial of Service Attacks Cisco Guard provides added layer of protection for server properties with high business value. Cisco IT Case Study / < Security and VPN

More information

Borderware MXtreme. Secure Email Gateway QuickStart Guide. Copyright 2005 CRYPTOCard Corporation All Rights Reserved

Borderware MXtreme. Secure Email Gateway QuickStart Guide. Copyright 2005 CRYPTOCard Corporation All Rights Reserved Borderware MXtreme Secure Email Gateway QuickStart Guide Copyright 2005 CRYPTOCard Corporation All Rights Reserved http://www.cryptocard.com Overview MXtreme is a hardened appliance with a highly robust

More information

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Virtual private network Network security protocols COMP347 2006 Len Hamey Instead of a dedicated data link Packets securely sent over a shared network Internet VPN Public internet Security protocol encrypts

More information

Network Monitoring Tool to Identify Malware Infected Computers

Network Monitoring Tool to Identify Malware Infected Computers Network Monitoring Tool to Identify Malware Infected Computers Navpreet Singh Principal Computer Engineer Computer Centre, Indian Institute of Technology Kanpur, India navi@iitk.ac.in Megha Jain, Payas

More information

Protecting and controlling Virtual LANs by Linux router-firewall

Protecting and controlling Virtual LANs by Linux router-firewall Protecting and controlling Virtual LANs by Linux router-firewall Tihomir Katić Mile Šikić Krešimir Šikić Faculty of Electrical Engineering and Computing University of Zagreb Unska 3, HR 10000 Zagreb, Croatia

More information

Serial Deployment Quick Start Guide

Serial Deployment Quick Start Guide PaperClip em 4 11/19/2007 Serial Deployment Quick Start Guide This checklist should be completed before installing the em4 Relay. Your answers with the associated screens will enable you to install and

More information

Slicing Spam with Occam s Razor

Slicing Spam with Occam s Razor Slicing Spam with Occam s Razor Chris Fleizach cfleizac@cs.ucsd.edu Geoffrey M. Voelker voelker@cs.ucsd.edu Stefan Savage savage@cs.ucsd.edu ABSTRACT To evade blacklisting, the vast majority of spam email

More information

ECE 4321 Computer Networks. Network Programming

ECE 4321 Computer Networks. Network Programming ECE 4321 Computer Networks Network Programming Name Space System.Net Domain Name System (DNS) To resolve computer naming Host database is split up and distributed among multiple systems on the Internet

More information