SPAM - PowerPoint PPT Presentation

About This Presentation
Title:

SPAM

Description:

Overview - San Jose State University ... spam – PowerPoint PPT presentation

Number of Views:57
Avg rating:3.0/5.0
Slides: 21
Provided by: Tjadenbc
Learn more at: http://www.cs.sjsu.edu
Category:
Tags: spam | relay

less

Transcript and Presenter's Notes

Title: SPAM


1
  • SPAM

2
Problem Description
  • Develop a tool to send email with phony SMTP
    headers to simulate SPAM.
  • Latest initiatives to reduce SPAM

3
Email Protocols
  • Simple Mail Transfer Protocol (SMTP) Transfer
    mail reliably and efficiently. Used to send
    emails between 2 SMTP servers (mail transfer
    agents)
  • Post Office Protocol (POP) or Internet Message
    Access Protocol (IMAP) Retrieve mail from SMTP
    servers to email client (mail user agent)

4
Email Flow illus Protocols
  • Delivery initiated by transfer of message to
    SMTP server
  • Bases on domain of recipient, SMTP server queries
    DNS server for the name of destination SMTP
    server
  • If recipient account exists on destination
    server, email is tranferred
  • If destination server cannot be contacted, mail
    transferred to an intermediate relay server. This
    will transfer to dest or other relays

5
Differences IMAP/POP
6
SMTP Protocol
  • Simple ASCII Protocol (protocol that transmits
    only ASCII characters and uses ASCII control
    codes. Demands little, if any, error checking).
    SMTP service runs on port 25.
  • No authentication to send email, only to retrieve
    (POP)

7
Run SMTP via telnet
Client initiates connection (telnet cs.sjsu.edu 25), No login/password reqd Greeting - 220 eniac.cs.sjsu.edu ESMTP Sendmail 8.12.10/8
HELO request, waits for resp. Quits if server refuses Returns status code and text
MAIL FROM request Returns status code, 250 for success, 500 for failure
RCPT TO request Returns status code
DATA request Returns status code
QUIT request Disconnects
8
Program
  • Implementation of SMTP protocol. Uses socket
    communication
  • No login/passwd. cs.sjsu.edu as server

9
Program Output
  • The From, To and originating PC name fields are
    received correctly.
  • IP address of PC still visible. Procedure to hide
    IP involves manipulating data at network layer
    instead of application. Sendmail daemons (UNIX)
    used to forge IPs. No conclusive evidence on
    checking source code

10
Hide IP in SMTP headers
  • Open relay (insecure relay/third-party relay) is
    an SMTP e-mail server that allows third-party
    relay of e-mail messages (process emails neither
    for/from local user). Unaware owner donates
    network and computer resources to the sender's
    purpose. So, cs.sjsu.edu was used as an open
    relay in previous example.
  • A blind relay is a relay that hides (modifies)
    the IP address of the sender and relays the
    message to destination

11
Scenarios to Hide IP
  • Spammer buys service from Blind Relay service
    provider to relay his emails
  • Spammer sends bulk emails via ISP server to Blind
    Relay Host
  • Blind Relay Host forges SMTP headers, modifying
    the IP addresses/hostnames of spammer and his ISP
  • Blind Relay forwards the emails to destination or
    to the next relay host. The destination host
    thinks that the emails originated from an
    untraceable server. Relay host server claims it
    has been spammed.

12
How to reduce SPAM?
  • Filters Text based
  • Turing Tests CAPTCHA (Visual/Audio)
  • Sender Pays - The Penny Black Project

13
Penny Black Project
  • Penny Black stamp reformed British postal system
    in 1830s. Before this, postage was paid by
    addressee and calculated for each letter. After
    Penny Black, cost of postage shifted to sender.

14
Computational Spam Fight
  • "If I don't know you, and you want to send me
    unsolicited mail, then you must prove to me that
    you have expended 10 secs, just for me and just
    for this message." Spose, effort may be in terms
    of CPU cycles. With 80,000 secs/day and 10
    secs/msg, spammer restricted to 8,000
    msgs/server/day. More investment on servers reqd
    to generate current traffic (biggest spammers
    send 250 mil/day).
  • User Experience
  • Automatically and in the background
  • Checking proof extremely easy

15
Economics
  • (80,000 s/day) / (10s/message) 8,000 msgs/day
  • Hotmails billion daily spams
  • 125,000 CPUs
  • Up front capital cost just for HM circa
    150,000,000
  • The spammers cant afford it.
  • Sites like Amazon unaffected as it will add
    fraction of a penny to total cost/per order
  • Circa 300 people total very top few spammers
    make a few million/year (F. Krueger, SMN also,
    see the recent articles about Alan Ralsky)
  • Comparison FastClick, with 30 of popunder
    market, has profit of 2 mil/yr (income of 4
    mil/yr)

16
Cryptographic Puzzles
m, f(S,R,t,nonce)
Sender client S
Recipient client R
  • Hard to compute f(S,R,t,nonce)
  • lots of work for the sender
  • Easy to check z f(S,R,t,nonce)
  • little work for receiver
  • Parameterized to scale with Moore's Law
  • easy to exponentially increase computational
    cost, while barely increasing checking cost

17
Memory Bound Puzzles
  • Slow CPUs are a lot slower than the fastest
  • Factor of 10 30 within desktops
  • Memory latencies vary little
  • factor of 3
  • So design a puzzle leading to a large number of
    cache misses
  • Equalizes actual computation time

18
Ticket Server
  • (Ideal Message Flow)
  • Ticket kit (, puzzle)
  • Ticket (, response)
  • Tickets may be accumulated in advance
    (pre-computation).
  • Centralization eases updates

Recipient Server
MSG Ticket
19
Conclusions
  • Computational spam-fighting No money is
    charged, No challenge-response mechanism, Control
    of mail servers remains as it is now, no
    infrastructure change - four Stanford students
    implemented the scheme. Once in place, virtually
    no maintenance
  • Who chooses f?
  • One global f? Who sets the price?
  • How is f distributed (ultimately)?
  • Global f built into all mail clients? ISPs?
  • Awkward Introductory Period
  • Old versions of mail programs bounces
  • Very Slow/Small-Memory Machines

20
References
  • http//www.faqs.org/rfcs/rfc2821.html
  • http//whatis.techtarget.com/definition/0,,sid9_gc
    i782509,00.html
  • http//www.codeguru.com/Cpp/I-N/internet/
  • http//www.insecure.org/sploits/sendmail.helo.over
    flow.html
  • MSDN Library Penny Black Project
Write a Comment
User Comments (0)
About PowerShow.com