Monitoring the Abuse of Open Proxies for Sending Spam

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Monitoring the Abuse of Open Proxies for Sending Spam"

Transcription

1 Monitoring the Abuse of Open Proxies for Sending Spam Klaus Steding-Jessen CERT.br Computer Emergency Response Team Brazil NIC.br Network Information Center Brazil CGI.br Brazilian Internet Steering Committee 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 1/25

2 About CERT.br Created in 1997 to receive, review and respond to computer security incident reports and activities related to networks connected to the Internet in Brazil. National focal point for reporting security incidents Establishes collaborative relationships with other entities Helps new CSIRTs to establish their activities Provides training in incident handling Provides statistics and best practices documents Helps raise the security awareness in the country 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 2/25

3 Our Parent Organization: CGI.br Among the diverse responsibilities of The Brazilian Internet Steering Committee CGI.br, the main attributions are: to propose policies and procedures related to the regulation of the Internet activities to recommend standards for technical and operational procedures to establish strategic directives related to the use and development of Internet in Brazil to promote studies and technical standards for the network and services security in the country to coordinate the allocation of Internet addresses (IPs) and the registration of domain names using <.br> to collect, organize and disseminate information on Internet services, including indicators and statistics 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 3/25

4 CGI.br Structure 01- Ministry of Science and Technology 02- Ministry of Communications 03- Presidential Cabinet 04- Ministry of Defense 05- Ministry of Development, Industry and Foreign Trade 06- Ministry of Planning, Budget and Management 07- National Telecommunications Agency 08- National Council of Scientific and Technological Development 09- National Forum of Estate Science and Technology Secretaries 10- Internet Expert 11- Internet Service Providers 12- Telecom Infrastructure Providers 13- Hardware and Software Industries 14- General Business Sector Users 15- Non-governamental Entity 16- Non-governamental Entity 17- Non-governamental Entity 18- Non-governamental Entity 19- Academia 20- Academia 21- Academia 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 4/25

5 Agenda Motivation The SpamPots Project Open Proxy Abuse Scenario Architecture Honeypots Server Statistics Future Work References 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 5/25

6 Motivation The Nature of the Problem Spam is a source of malware/phishing decrease in productivity increase in infrastructure costs Congress and regulators Are pressed by the general public to do something about it Have several questionable law projects to consider Don t have data that show the real spam scenario 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 6/25

7 Motivation (2) Different Views, Different Data What we hear Open proxies are not an issue anymore Only botnets are used nowadays to send/relay spam Brazil is a big source of spam Our data Spam complaints related to open proxy abuse have increased in the past few years Scans for open proxies are always in the top 10 ports in our honeypots network statistics 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 7/25

8 Motivation (3) Still Lots of Questions How to convince business people of possible mitigation measures needs/effectiveness? Port 25 management, reputation, etc Who is abusing our infrastructure? And How? Do we have national metrics or only international? How can we gather data and generate metrics to help the formulation of policies and the understanding of the problem? Need to better understand the problem and have more data about it 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 8/25

9 The SpamPots Project Supported by the CGI.br/NIC.br as part of the Anti-spam Commission work Deployment of 10 low-interaction honeypots, emulating open proxy/relay services and capturing spam Installed on Brazilian ADSL/cable networks, for 15 months 5 broadband providers, 1 home and 1 business connection each Measure the abuse of end-user machines to send spam 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 9/25

10 Open Proxy Abuse Scenario End users broadband computers Computer with Open Proxy Victim Victim Computer with Open Proxy Mail Server 1 Victim spammer Computer with Open Proxy Victim Mail Server N Computer with Open Proxy Victim Victim 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 10/25

11 Architecture End users broadband computers Server: Collects data daily; Monitors the honeypots resources. Honeypot emulating an Open Proxy Computer with Open Proxy Victim spammer Honeypot emulating an Open Proxy Mail Server 1 Victim Computer with Open Proxy Mail Server N Victim 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 11/25

12 Honeypots OpenBSD as the base OS good proactive security features pf packet filter: stateful, integrated queueing (ALTQ), port redirect logs in libpcap format: allows passive fingerprinting Honeyd emulating services Niels Provos SMTP and HTTP Proxy emulator (with minor modifications) SOCKS 4/5 emulator written by ourselves pretends to connect to the final SMTP server destination and starts receiving the s doesn t deliver the s Fools spammers confirmation attempts 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 12/25

13 Server Collects and stores data from honeypots initiates transfers through ssh connections uses rsync over ssh to copy spam from the honeypots Performs status checks in all honeypots daemons, ntp, disk space, load, rsync status Web page interface honeypot status s stats: daily, last 15min MRTG: bandwidth, ports used, s/min, etc 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 13/25

14 Statistics 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 14/25

15 Statistics period to days 466 s avg. s/day recipients avg. recpts/ 9,2 unique IPs unique ASNs 3006 unique CCs 165 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 15/25

16 Top ASNs sending spam Top 10 s/asn: # ASN ASN Name s % TFN-TW (TW) , HINET (TW) , CNCGROUP (CN) , SEEDNET (TW) , NCIC-TW (TW) , CHINA169 (CN) , NDCHOST (US) , CHINANET (CN) , EXTRALAN (TW) , LOOKAS (CA) ,07 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 16/25

17 Top ASNs sending spam (2) 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 17/25

18 Top CCs sending spam Top 10 s/cc: # CC s % 01 TW ,43 02 CN ,80 03 US ,67 04 CA ,27 05 JP ,03 06 HK ,84 07 KR ,78 08 UA ,34 09 DE ,18 10 BR ,16 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 18/25

19 Top CCs sending spam (2) 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 19/25

20 Top TCP ports used TCP ports used: # TCP Port protocol used by % SOCKS socks 37, HTTP alt http 34, HTTP http 10, HTTP Squid 6, HTTP alt http 2, HTTP AnalogX 2, SMTP smtp 1, HTTP Proxy SOCKS MyDoom 1, HTTP Sobig.f 0, HTTP alt http 0,96 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 20/25

21 Top TCP ports used (2) 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 21/25

22 Request Types Module Type Requests % HTTP connect to 25/TCP 89,496, connect to others 106, get requests 225, errors 1,847, total 91,677, SOCKS connect to 25/TCP 46,776, connect to others 1,055, errors 5,741, total 53,573, th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 22/25

23 Future Work 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 23/25

24 Future Work Comprehensive spam analysis using Data Mining techniques determine patterns in language, embedded URLs, etc phishing and other online crime activities Propose best practices to ISPs port 25 management proxy abuse monitoring International cooperation 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 24/25

25 References This presentation can be found at: Computer Emergency Response Team Brazil CERT.br NIC.br Brazilian Internet Steering Comittee CGI.br OpenBSD Honeyd Brazilian Honeypots Alliance 6th International GOVCERT.NL Symposium Noordwijk, The Netherlands October 18 19, 2007 p. 25/25

SpamPots Project: Using Honeypots to Measure the Abuse of End-User Machines to Send Spam

SpamPots Project: Using Honeypots to Measure the Abuse of End-User Machines to Send Spam SpamPots Project: Using Honeypots to Measure the Abuse of End-User Machines to Send Spam Marcelo H. P. C. Chaves mhp@cert.br CERT.br Computer Emergency Response Team Brazil NIC.br Network Information Center

More information

Preventing your Network from Being Abused by Spammers

Preventing your Network from Being Abused by Spammers Preventing your Network from Being Abused by Spammers Marcelo H. P. C. Chaves mhp@cert.br CERT.br Computer Emergency Response Team Brazil NIC.br - Network Information Center Brazil CGI.br - Brazilian Internet

More information

Spampots Project First Results of the International Phase and its Regional Utilization

Spampots Project First Results of the International Phase and its Regional Utilization Spampots Project First Results of the International Phase and its Regional Utilization Klaus Steding-Jessen jessen@cert.br LACNIC XIII, 5 th LACSEC, Curaçao May 19, 2010 p. 1/31 CERT.br Computer Emergency

More information

Use of Honeypots for Network Monitoring and Situational Awareness

Use of Honeypots for Network Monitoring and Situational Awareness Use of Honeypots for Network Monitoring and Situational Awareness Cristine Hoepers cristine@cert.br Computer Emergency Response Team Brazil - CERT.br Network Information Center Brazil - NIC.br Brazilian

More information

Spampots Project Mapping the Abuse of Internet Infrastructure by Spammers

Spampots Project Mapping the Abuse of Internet Infrastructure by Spammers Spampots Project Mapping the Abuse of Internet Infrastructure by Spammers Klaus Steding-Jessen jessen@cert.br Cristine Hoepers cristine@cert.br CERT.br Computer Emergency Response Team Brazil NIC.br Network

More information

honeytarg Chapter Activities

honeytarg Chapter Activities honeytarg Chapter Activities Marcelo Chaves mhp@cert.br! Computer Emergency Response Team Brazil - CERT.br Network Information Center Brazil - NIC.br Brazilian Internet Steering Committee - CGI.br Agenda

More information

Development of an IPv6 Honeypot

Development of an IPv6 Honeypot Development of an IPv6 Honeypot Klaus Steding-Jessen jessen@cert.br CERT.br Computer Emergency Response Team Brazil NIC.br Network Information Center Brazil CGI.br Brazilian Internet Steering Committee

More information

CERT.br Incident Handling and Network Monitoring Activities

CERT.br Incident Handling and Network Monitoring Activities CERT.br Incident Handling and Network Monitoring Activities Cristine Hoepers General Manager cristine@cert.br! Computer Emergency Response Team Brazil - CERT.br Network Information Center Brazil - NIC.br

More information

Information Security Awareness Videos

Information Security Awareness Videos Information Security Awareness Videos Marcelo H. P. C. Chaves mhp@cert.br CERT.br Computer Emergency Response Team Brazil NIC.br - Network Information Center Brazil CGI.br - Brazilian Internet Steering

More information

The Global ecrime Outlook CERT.br National Report

The Global ecrime Outlook CERT.br National Report The Global ecrime Outlook CERT.br National Report Cristine Hoepers cristine@cert.br APWG CeCOS IV, São Paulo, Brazil May 11 13, 2010 p. 1/12 CERT.br Computer Emergency Response Team Brazil NIC.br Network

More information

A Multistakeholder Effort to Reduce Spam The Case of Brazil

A Multistakeholder Effort to Reduce Spam The Case of Brazil A Multistakeholder Effort to Reduce Spam The Case of Brazil Dr. Cristine Hoepers cristine@cert.br! Computer Emergency Response Team Brazil - CERT.br Network Information Center Brazil - NIC.br Brazilian

More information

Distributed Honeypots Project: How It s Being Useful for CERT.br

Distributed Honeypots Project: How It s Being Useful for CERT.br Distributed Honeypots Project: How It s Being Useful for CERT.br Cristine Hoepers cristine@cert.br Klaus Steding-Jessen jessen@cert.br Computer Emergency Response Team Brazil - CERT.br http://www.cert.br/

More information

DNS Amplification Attacks as a DDoS Tool and Mitigation Techniques

DNS Amplification Attacks as a DDoS Tool and Mitigation Techniques DNS Amplification Attacks as a DDoS Tool and Mitigation Techniques Klaus Steding-Jessen jessen@cert.br! Computer Emergency Response Team Brazil - CERT.br Network Information Center Brazil - NIC.br Brazilian

More information

Anti-botnet Initiatives

Anti-botnet Initiatives Anti-botnet Initiatives Lucimara Desiderá lucimara@cert.br! Computer Emergency Response Team Brazil - CERT.br Network Information Center Brazil - NIC.br Brazilian Internet Steering Committee - CGI.br CGI.br

More information

Challenges and Best Practices in Fighting Financial Fraud in Brazil

Challenges and Best Practices in Fighting Financial Fraud in Brazil Challenges and Best Practices in Fighting Financial Fraud in Brazil Cristine Hoepers cristine@cert.br CERT.br Computer Emergency Response Team Brazil NIC.br - Network Information Center Brazil CGI.br -

More information

Phishing and Banking Trojan Cases Affecting Brazil

Phishing and Banking Trojan Cases Affecting Brazil Phishing and Banking Trojan Cases Affecting Brazil Cristine Hoepers cristine@cert.br! Centro de Estudos, Resposta e Tratamento de Incidentes de Segurança no Brasil Núcleo de Informação e Coordenação do

More information

Cybersecurity and Incident Response Initiatives: Brazil and Americas

Cybersecurity and Incident Response Initiatives: Brazil and Americas Cybersecurity and Incident Response Initiatives: Brazil and Americas Cristine Hoepers cristine@cert.br Computer Emergency Response Team Brazil CERT.br http://www.cert.br/ Brazilian Internet Steering Committee

More information

Incident Management and Computer Security Incident Response Teams (CSIRTs)

Incident Management and Computer Security Incident Response Teams (CSIRTs) Incident Management and Computer Security Incident Response Teams (CSIRTs) Slides available at: http://www.cert.br/docs/presentations/ Cristine Hoepers General Manager CERT.br CERT Brazil

More information

LACNIC 25 CSIRTs Meeting Havana, Cuba May 4 th, 2016

LACNIC 25 CSIRTs Meeting Havana, Cuba May 4 th, 2016 LACNIC 25 CSIRTs Meeting Havana, Cuba May 4 th, 2016 DDoS Atacks: Detection, Analysis and Mitigation Lucimara Desiderá lucimara@cert.br Klaus Steding-Jessen jessen@cert.br Internet Governance in Brazil:

More information

CERT.br: Mission and Services

CERT.br: Mission and Services CERT.br: Mission and Services Marcelo H. P. C. Chaves mhp@cert.br Computer Emergency Response Team Brazil CERT.br http://www.cert.br/ Brazilian Internet Steering Committee http://www.cgi.br/ Conferencia

More information

Incident Handling in Brazil

Incident Handling in Brazil Incident Handling in Brazil Cristine Hoepers cristine@cert.br! Centro de Estudos, Resposta e Tratamento de Incidentes de Segurança no Brasil - CERT.br Núcleo de Informação e Coordenação do Ponto br - NIC.br

More information

Incident Response and Early Warning Initiatives in Brazil

Incident Response and Early Warning Initiatives in Brazil Incident Response and Early Warning Initiatives in Brazil Marcelo H. P. C. Chaves mhp@cert.br Computer Emergency Response Team Brazil CERT.br http://www.cert.br/ Brazilian Internet Steering Committee http://www.cgi.br/

More information

Incident Handling and Internet Security in Brazil

Incident Handling and Internet Security in Brazil Incident Handling and Internet Security in Brazil Cristine Hoepers Centro de Estudos, Resposta e Tratamento de Incidentes de Segurança no Brasil Computer Emergency Response Team Brazil

More information

The Importance of a Multistakeholder Approach to Cybersecurity Effectiveness

The Importance of a Multistakeholder Approach to Cybersecurity Effectiveness The Importance of a Multistakeholder Approach to Cybersecurity Effectiveness Abstract Area: ROADMAP FOR THE FURTHER EVOLUTION OF THE INTERNET GOVERNANCE ECOSYSTEM Entitled by: Cristine Hoepers, Klaus Steding-Jessen,

More information

Dynamic Honeypot Construction

Dynamic Honeypot Construction Dynamic Honeypot Construction 2nd Annual Alaska Information Assurance Workshop Christopher Hecker U. of Alaska, Fairbanks 9-5-2006 Presentation l Brief Introduction l Project Overview l Future Work l References

More information

Evolution of Financial Fraud in Brazil

Evolution of Financial Fraud in Brazil Evolution of Financial Fraud in Brazil Marcelo H. P. C. Chaves mhp@cert.br CERT.br Computer Emergency Response Team Brazil http://www.cert.br/ NIC.br Network Information Center Brazil CGI.br Brazilian

More information

A Campaign-based Characterization of Spamming Strategies

A Campaign-based Characterization of Spamming Strategies A Campaign-based Characterization of Spamming Strategies Pedro H. Calais, Douglas E. V. Pires Dorgival Olavo Guedes, Wagner Meira Jr. Computer Science Department Federal University of Minas Gerais Belo

More information

Fraud and Phishing Scam Response Arrangements in Brazil

Fraud and Phishing Scam Response Arrangements in Brazil Fraud and Phishing Scam Response Arrangements in Brazil Marcelo H. P. C. Chaves mhp@cert.br Computer Emergency Response Team Brazil CERT.br http://www.cert.br/ Brazilian Internet Steering Committee http://www.cgi.br/

More information

SonicWALL Email Security Quick Start Guide. Version 4.6

SonicWALL Email Security Quick Start Guide. Version 4.6 SonicWALL Email Security Quick Start Guide Version 4.6 Quick Start Guide - Introduction This document guides you through the most basic steps to set up and administer SonicWALL Email Security. For more

More information

Port evolution: a software to find the shady IP profiles in Netflow. Or how to reduce Netflow records efficiently.

Port evolution: a software to find the shady IP profiles in Netflow. Or how to reduce Netflow records efficiently. TLP:WHITE - Port Evolution Port evolution: a software to find the shady IP profiles in Netflow. Or how to reduce Netflow records efficiently. Gerard Wagener 41, avenue de la Gare L-1611 Luxembourg Grand-Duchy

More information

A Guide to New Features in Propalms OneGate 4.0

A Guide to New Features in Propalms OneGate 4.0 A Guide to New Features in Propalms OneGate 4.0 Propalms Ltd. Published April 2013 Overview This document covers the new features, enhancements and changes introduced in Propalms OneGate 4.0 Server (previously

More information

Mauro Andreolini University of Modena andreolini@unimore.it. Michele Colajanni. colajanni@unimore.it. bulgarelli.alessandro@ unimore.

Mauro Andreolini University of Modena andreolini@unimore.it. Michele Colajanni. colajanni@unimore.it. bulgarelli.alessandro@ unimore. HoneySpam: Honeypots fighting SPAM at the source Mauro Andreolini University of Modena andreolini@unimore.it Alessandro Bulgarelli University of Modena bulgarelli.alessandro@ unimore.it Michele Colajanni

More information

F-Secure Messaging Security Gateway. Deployment Guide

F-Secure Messaging Security Gateway. Deployment Guide F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4

More information

Spamming Chains: A New Way of Understanding Spammer Behavior

Spamming Chains: A New Way of Understanding Spammer Behavior Spamming Chains: A New Way of Understanding Spammer Behavior Pedro H. Calais Guerra Federal University of Minas Gerais (UFMG) pcalais@dcc.ufmg.br Cristine Hoepers Brazilian Network Information Center (NIC.br)

More information

Public policies for interconnection at lower costs

Public policies for interconnection at lower costs Public policies for interconnection at lower costs Internet Governance Forum Egypt, 16 November 2009 Valeria Jordán Innovation and Technology Unit UN - ECLAC Agenda Considerations Internet is a driving

More information

Chapter 4 Restricting Access From Your Network

Chapter 4 Restricting Access From Your Network Chapter 4 Restricting Access From Your Network This chapter describes how to use the content filtering and reporting features of the RangeMax NEXT Wireless Router WNR834B to protect your network. You can

More information

CALNET 3 Category 7 Network Based Management Security. Table of Contents

CALNET 3 Category 7 Network Based Management Security. Table of Contents State of California IFB STPD 12-001-B CALNET 3 Category 7 Network Based Security Table of Contents 7.2.1.4.a DDoS Detection and Mitigation Features... 1 7.2.2.3 Email Monitoring Service Features... 2 7.2.3.2

More information

SPAM: 101 Cause and Effect

SPAM: 101 Cause and Effect SPAM: 101 Cause and Effect Table of Contents Background: JARING SPAM 101 Effects Lesson Learned Challenges and Propositions 1 Part I: Background on JARING (We're the good guys.) What is JARING? The first

More information

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL

BOTNETS. Douwe Leguit, Manager Knowledge Center GOVCERT.NL BOTNETS Douwe Leguit, Manager Knowledge Center GOVCERT.NL Agenda Bots: what is it What is its habitat How does it spread What are its habits Dutch cases Ongoing developments Visibility of malware vs malicious

More information

Architecture. The DMZ is a portion of a network that separates a purely internal network from an external network.

Architecture. The DMZ is a portion of a network that separates a purely internal network from an external network. Architecture The policy discussed suggests that the network be partitioned into several parts with guards between the various parts to prevent information from leaking from one part to another. One part

More information

Hosted CanIt. Roaring Penguin Software Inc. 26 April 2011

Hosted CanIt. Roaring Penguin Software Inc. 26 April 2011 Hosted CanIt Roaring Penguin Software Inc. 26 April 2011 1 1 Introduction Thank you for selecting Hosted CanIt. This document explains how Hosted CanIt works and how you should configure your network to

More information

QUICK START GUIDE. Cisco C170 Email Security Appliance

QUICK START GUIDE. Cisco C170 Email Security Appliance 1 0 0 1 QUICK START GUIDE Email Security Appliance Cisco C170 303357 Cisco C170 Email Security Appliance 1 Welcome 2 Before You Begin 3 Document Network Settings 4 Plan the Installation 5 Install the Appliance

More information

Proxies. Chapter 4. Network & Security Gildas Avoine

Proxies. Chapter 4. Network & Security Gildas Avoine Proxies Chapter 4 Network & Security Gildas Avoine SUMMARY OF CHAPTER 4 Generalities Forward Proxies Reverse Proxies Open Proxies Conclusion GENERALITIES Generalities Forward Proxies Reverse Proxies Open

More information

Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes.

Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes. RimApp RoadBLOCK goes beyond simple filtering! Many network and firewall administrators consider the network firewall at the network edge as their primary defense against all network woes. However, traditional

More information

Chapter 3 Restricting Access From Your Network

Chapter 3 Restricting Access From Your Network Chapter 3 Restricting Access From Your Network This chapter describes how to use the content filtering and reporting features of the RangeMax Dual Band Wireless-N Router WNDR3300 to protect your network.

More information

FortiMail Email Filtering Course 221-v2.2 Course Overview

FortiMail Email Filtering Course 221-v2.2 Course Overview FortiMail Email Filtering Course 221-v2.2 Course Overview FortiMail Email Filtering is a 2-day instructor-led course with comprehensive hands-on labs to provide you with the skills needed to design, configure,

More information

12. Firewalls Content

12. Firewalls Content Content 1 / 17 12.1 Definition 12.2 Packet Filtering & Proxy Servers 12.3 Architectures - Dual-Homed Host Firewall 12.4 Architectures - Screened Host Firewall 12.5 Architectures - Screened Subnet Firewall

More information

When Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling. White Paper

When Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling. White Paper When Reputation is Not Enough: Barracuda Spam Firewall Predictive Sender Profiling White Paper As spam continues to evolve, Barracuda Networks remains committed to providing the highest level of protection

More information

Best of Breed of an ITIL based IT Monitoring. The System Management strategy of NetEye

Best of Breed of an ITIL based IT Monitoring. The System Management strategy of NetEye Best of Breed of an ITIL based IT Monitoring The System Management strategy of NetEye by Georg Kostner 5/11/2012 1 IT Services and IT Service Management IT Services means provisioning of added value for

More information

Introduction to Computer Security Benoit Donnet Academic Year 2015-2016

Introduction to Computer Security Benoit Donnet Academic Year 2015-2016 Introduction to Computer Security Benoit Donnet Academic Year 2015-2016 1 Agenda Networking Chapter 1: Firewalls Chapter 2: Proxy Chapter 3: Intrusion Detection System Chapter 4: Network Attacks Chapter

More information

JPCERT/CC Incident Handling Report [July 1,2016 September 30, 2016]

JPCERT/CC Incident Handling Report [July 1,2016 September 30, 2016] JPCERT-IR-2016-03 Issued: 2016-10-12 JPCERT/CC Incident Handling Report [July 1,2016 September 30, 2016] 1. About the Incident Handling Report JPCERT Coordination Center (herein, JPCERT/CC) receives reports

More information

Contents. vii. Preface. P ART I THE HONEYNET 1 Chapter 1 The Beginning 3. Chapter 2 Honeypots 17. xix

Contents. vii. Preface. P ART I THE HONEYNET 1 Chapter 1 The Beginning 3. Chapter 2 Honeypots 17. xix Honeynet2_bookTOC.fm Page vii Monday, May 3, 2004 12:00 PM Contents Preface Foreword xix xxvii P ART I THE HONEYNET 1 Chapter 1 The Beginning 3 The Honeynet Project 3 The Information Security Environment

More information

PineApp Anti IP Blacklisting

PineApp Anti IP Blacklisting PineApp Anti IP Blacklisting Whitepaper 2011 Overview ISPs outbound SMTP Services Individual SMTP relay, not server based (no specific protection solutions are stated between the sender and the ISP backbone)

More information

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE)

HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) HONEYD (OPEN SOURCE HONEYPOT SOFTWARE) Author: Avinash Singh Avinash Singh is a Technical Evangelist currently worksing at Appin Technology Lab, Noida. Educational Qualification: B.Tech from Punjab Technical

More information

Solution Brief FortiMail for Service Providers. Nathalie Rivat

Solution Brief FortiMail for Service Providers. Nathalie Rivat Solution Brief FortiMail for Service Providers Nathalie Rivat Agenda FortiMail for Internet Service Providers Outbound antispam to prevent blacklisting MMS routing for Mobile Operators Inbound antispam

More information

Flow Analysis Versus Packet Analysis. What Should You Choose?

Flow Analysis Versus Packet Analysis. What Should You Choose? Flow Analysis Versus Packet Analysis. What Should You Choose? www.netfort.com Flow analysis can help to determine traffic statistics overall, but it falls short when you need to analyse a specific conversation

More information

Linux Server Support by Applied Technology Research Center. Proxy Server Configuration

Linux Server Support by Applied Technology Research Center. Proxy Server Configuration Linux Server Support by Applied Technology Research Center Proxy Server Configuration We configure squid for your LAN. Including transparent for HTTP and proxy for HTTPS. We also provide basic training

More information

FortiMail Email Filtering Course 221-v2.0. Course Overview. Course Objectives

FortiMail Email Filtering Course 221-v2.0. Course Overview. Course Objectives FortiMail Email Filtering Course 221-v2.0 Course Overview FortiMail Email Filtering is a 2-day instructor-led course with comprehensive hands-on labs to provide you with the skills needed to configure,

More information

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Chapter 5: Security Concepts for Networks Firewalls Intrusion Detection

More information

Technical Note. ISP Protection against BlackListing. FORTIMAIL Deployment for Outbound Spam Filtering. Rev 2.2

Technical Note. ISP Protection against BlackListing. FORTIMAIL Deployment for Outbound Spam Filtering. Rev 2.2 Technical Note ISP Protection against BlackListing FORTIMAIL Deployment for Outbound Spam Filtering Rev 2.2 April 14, 2009 Table of Contents 1 Objective IP address protection... 3 1.1 Context... 3 1.2

More information

When Reputation is Not Enough: Barracuda Spam & Virus Firewall Predictive Sender Profiling

When Reputation is Not Enough: Barracuda Spam & Virus Firewall Predictive Sender Profiling When Reputation is Not Enough: Barracuda Spam & Virus Firewall Predictive Sender Profiling As spam continues to evolve, Barracuda Networks remains committed to providing the highest level of protection

More information

Volume 2, Issue 3, March 2014 International Journal of Advance Research in Computer Science and Management Studies

Volume 2, Issue 3, March 2014 International Journal of Advance Research in Computer Science and Management Studies Volume 2, Issue 3, March 2014 International Journal of Advance Research in Computer Science and Management Studies Research Article / Paper / Case Study Available online at: www.ijarcsms.com Web Application

More information

When Reputation is Not Enough. Barracuda Email Security Gateway s Predictive Sender Profiling. White Paper

When Reputation is Not Enough. Barracuda Email Security Gateway s Predictive Sender Profiling. White Paper When Reputation is Not Enough Barracuda Email Security Gateway s Predictive Sender Profiling White Paper As spam continues to evolve, Barracuda Networks remains committed to providing the highest level

More information

Chapter 4 Content Filtering

Chapter 4 Content Filtering Chapter 4 Content Filtering This chapter describes how to use the content filtering features of the WGT624 v3 108 Mbps Wireless Firewall Router to protect your network. These features can be found by clicking

More information

Firewall Firewall August, 2003

Firewall Firewall August, 2003 Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also

More information

Network Performance Analysis Solution. White Paper

Network Performance Analysis Solution. White Paper Network Performance Analysis Solution White Paper Copyright Copyright 2016 Colasoft. All rights reserved. Information in this document is subject to change without notice. No part of this document may

More information

D m i t r y S l i n k o v, C I S M SWISS C Y B E R S TO R M 2015. Black market of cybercrime in Russia

D m i t r y S l i n k o v, C I S M SWISS C Y B E R S TO R M 2015. Black market of cybercrime in Russia D m i t r y S l i n k o v, C I S M SWISS C Y B E R S TO R M 2015 Black market of cybercrime in Russia WHOAMI Information Security Manager (Russia and CIS) Information Security Officer Information Security

More information

Project Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology. Project Proposal 1

Project Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology. Project Proposal 1 Project Proposal Active Honeypot Systems By William Kilgore University of Advancing Technology Project Proposal 1 Project Proposal 2 Abstract Honeypot systems are readily used by organizations large and

More information

Promoting Network Security (A Service Provider Perspective)

Promoting Network Security (A Service Provider Perspective) Promoting Network Security (A Service Provider Perspective) Prevention is the Foundation H S Gupta DGM (Technical) Data Networks, BSNL hsgupta@bsnl.co.in DNW, BSNL 1 Agenda Importance of Network Security

More information

Countermeasure for Detection of Honeypot Deployment

Countermeasure for Detection of Honeypot Deployment Proceedings of the International Conference on Computer and Communication Engineering 2008 May 13-15, 2008 Kuala Lumpur, Malaysia Countermeasure for Detection of Honeypot Deployment Lai-Ming Shiue 1, Shang-Juh

More information

perfsonar Multi-Domain Monitoring Service Deployment and Support: The LHC-OPN Use Case

perfsonar Multi-Domain Monitoring Service Deployment and Support: The LHC-OPN Use Case perfsonar Multi-Domain Monitoring Service Deployment and Support: The LHC-OPN Use Case Fausto Vetter, Domenico Vicinanza DANTE TNC 2010, Vilnius, 2 June 2010 Agenda Large Hadron Collider Optical Private

More information

Hosted Security Integration with Microsoft Office 365

Hosted  Security Integration with Microsoft Office 365 A Trend Micro Integration Guide I July 2016 Hosted Email Security Integration with Microsoft Office 365» This document highlights the benefits of Hosted Email Security (HES) for Microsoft Office 365 customers

More information

Lending Clarity to Security Risk Definitions by Dave Piscitello and Greg Aaron

Lending Clarity to Security Risk Definitions by Dave Piscitello and Greg Aaron Lending Clarity to Security Risk Definitions by Dave Piscitello and Greg Aaron In its Beijing Communiqué of 11 April 2013, the ICANN Government Advisory Committee (GAC) called on ICANN to have new gtld

More information

OnCommand Performance Manager 1.1

OnCommand Performance Manager 1.1 OnCommand Performance Manager 1.1 Installation and Setup Guide For Red Hat Enterprise Linux NetApp, Inc. 495 East Java Drive Sunnyvale, CA 94089 U.S. Telephone: +1 (408) 822-6000 Fax: +1 (408) 822-4501

More information

4 Messaging Technology

4 Messaging Technology 4 Messaging Technology Previously this was published as the Email Technical Report. From this volume we have changed the name to Messaging Technology. Messaging Technology 4.1 Introduction Messaging Technology

More information

AbuseHUB: a national Abuse Report. Clearing House. Phons Bloemen. ISD Congress September 24, 2014. www.abuseinformationexchange.nl

AbuseHUB: a national Abuse Report. Clearing House. Phons Bloemen. ISD Congress September 24, 2014. www.abuseinformationexchange.nl AbuseHUB: a national Abuse Report Clearing House Phons Bloemen ISD Congress September 24, 2014 www.abuseinformationexchange.nl Scope Out of scope Abuse HUB collect, correlate, distribute post infection

More information

HONEYPOT SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region

HONEYPOT SECURITY. February 2008. The Government of the Hong Kong Special Administrative Region HONEYPOT SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Future-ready security for small and mid-size enterprises

Future-ready security for small and mid-size enterprises First line of defense for your network Quick Heal Terminator (UTM) (Unified Threat Management Solution) Data Sheet Future-ready security for small and mid-size enterprises Quick Heal Terminator is a high-performance,

More information

Chapter 11 Cloud Application Development

Chapter 11 Cloud Application Development Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How

More information

Configuring Security for SMTP Traffic

Configuring Security for SMTP Traffic 4 Configuring Security for SMTP Traffic Securing SMTP traffic Creating a security profile for SMTP traffic Configuring a local traffic SMTP profile Assigning an SMTP security profile to a local traffic

More information

Hosted Email Security Integration with Microsoft Office 365

Hosted Email Security Integration with Microsoft Office 365 A Trend Micro Integration Guide I August 2015 Hosted Email Security Integration with Microsoft Office 365» This document highlights the benefits of Hosted Email Security (HES) for Microsoft Office 365

More information

Stopping Outgoing Spam by Examining Incoming Server Logs

Stopping Outgoing Spam by Examining Incoming Server Logs Stopping Outgoing Spam by Examining Incoming Server Logs Richard Clayton Computer Laboratory, University of Cambridge, 15 JJ Thomson Avenue, Cambridge, CB3 0FD, U.K. Abstract Processing server logs for

More information

Anti-Spam Filtering Scenarios Anti-Spam Write Up

Anti-Spam Filtering Scenarios Anti-Spam Write Up Anti-Spam Filtering Scenarios Anti-Spam Write Up About Cyberoam Cyberoam s enterprise security integrates multiple security features on a single appliance to offer comprehensive network security. Cyberoam

More information

Firewalls. Basic Firewall Concept. Why firewalls? Firewall goals. Two Separable Topics. Firewall Design & Architecture Issues

Firewalls. Basic Firewall Concept. Why firewalls? Firewall goals. Two Separable Topics. Firewall Design & Architecture Issues CS 155 May 20, 2004 Firewalls Basic Firewall Concept Separate local area net from internet Firewall John Mitchell Credit: some text, illustrations from Simon Cooper Router All packets between LAN and internet

More information

Deploying Layered Email Security. What is Layered Email Security?

Deploying Layered Email Security. What is Layered Email Security? Deploying Layered Email Security This paper is intended for users of Websense Email Security who want to add Websense Hosted Email Security to deploy a layered email security solution. In this paper: Review

More information

Copyright 2011 Sophos Ltd. Copyright strictly reserved. These materials are not to be reproduced, either in whole or in part, without permissions.

Copyright 2011 Sophos Ltd. Copyright strictly reserved. These materials are not to be reproduced, either in whole or in part, without permissions. PureMessage for Microsoft Exchange protects Microsoft Exchange servers and Windows gateways against email borne threats such as from spam, phishing, viruses, spyware. In addition, it controls information

More information

1. Built-In SPI Firewall to Protect Your Enterprise Network 2. Multi-Spam-Filtering Function Providing High Spam-Filtering Accuracy

1. Built-In SPI Firewall to Protect Your Enterprise Network 2. Multi-Spam-Filtering Function Providing High Spam-Filtering Accuracy 1. Built-In SPI Firewall to Protect Your Enterprise Network BroadScan UTM core design is based on its Stateful Packet Inspection ( SPI ) firewall, providing complete firewall protection. By default, the

More information

Intercept Anti-Spam Quick Start Guide

Intercept Anti-Spam Quick Start Guide Intercept Anti-Spam Quick Start Guide Software Version: 6.5.2 Date: 5/24/07 PREFACE...3 PRODUCT DOCUMENTATION...3 CONVENTIONS...3 CONTACTING TECHNICAL SUPPORT...4 COPYRIGHT INFORMATION...4 OVERVIEW...5

More information

Towards Automated Botnet Detection and Mitigation

Towards Automated Botnet Detection and Mitigation Towards Automated Botnet Detection and Mitigation Stopping the Root Cause of Spam Pi1 - Laboratory for Dependable Distributed Systems Outline Motivation Tools & techniques for botnet detection nepenthes

More information

Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010 Service Pack 2 MOC 10233

Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010 Service Pack 2 MOC 10233 Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010 Service Pack 2 MOC 10233 Course Outline Module 1: Introduction to Designing a Microsoft Exchange Server 2010 Deployment This

More information

Network Service, Systems and Data Communications Monitoring Policy

Network Service, Systems and Data Communications Monitoring Policy Network Service, Systems and Data Communications Monitoring Policy Purpose This Policy defines the environment and circumstances under which Network Service, Systems and Data Communications Monitoring

More information

Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia

Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia Helmi Rais CERT-TCC Team Manager National Agency for Computer Security, Tunisia helmi.rais@ansi.tn helmi.rais@gmail.com Framework

More information

A Pointillist Approach for Comparing Honeypots. Fabien Pouget, Thorsten Holz

A Pointillist Approach for Comparing Honeypots. Fabien Pouget, Thorsten Holz A Pointillist Approach for Comparing Honeypots Fabien Pouget, Thorsten Holz Motivations What are the Modus Operandi of the perpetrators? Who has data to validate in a rigorous way any kind of taxonomy

More information

Anti-Spam Initiatives in China

Anti-Spam Initiatives in China Anti-Spam Initiatives in China ITU WSIS Thematic Meeting on Cybersecurity Geneva,Switzerland 28 June-2 July 2005 Liang Liu Anti-Spam Coordination Team Internet Society of China Spam evolution in China

More information

OpenBSD in the wild...a personal journey

OpenBSD in the wild...a personal journey OpenBSD in the wild......a personal journey Avik Sengupta Chief Technology Officer Itellix Software Solutions Pvt Ltd 2006 Avik Sengupta. Licensed under Creative Commons by-nc-nd. 1 Agenda OpenBSD Why

More information

Increased operational efficiency by providing customers the ability to: Use staff resources more efficiently by reducing troubleshooting time.

Increased operational efficiency by providing customers the ability to: Use staff resources more efficiently by reducing troubleshooting time. , page 1 This chapter provides an overview of the Cisco Cisco Unified Communications Manager service and describes how to configure the Cisco Cisco Unified Communications Manager feature. The feature allows

More information

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module CS 665: Computer System Security Network Security Bojan Cukic Lane Department of Computer Science and Electrical Engineering West Virginia University 1 Usage environment Anonymity Automation, minimal human

More information

A Whirlwind Introduction to Honeypots

A Whirlwind Introduction to Honeypots A Whirlwind Introduction to Honeypots Marcus J. Ranum What is a honeypot? A security resource thats value lies in being attacked, probed, or compromised A honeypot is more a state

More information

The Brazilian Internet Steering Committee CGI.br Internet Governance Model in Brazil

The Brazilian Internet Steering Committee CGI.br Internet Governance Model in Brazil ian Internet Steering Committee CGI.br Internet Governance Model in rev. July 2014 CGI.br - ian Internet Steering Committee NIC.br ian Network Information Center CETIC.br Center of Studies on Information

More information