
SPAM,DDOS: threats in the Internet model

SPAM, DDOS: threats in the Internet model. Anat Bremler-Barr, Efi Arazi School of Computer Science, Interdisciplinary Center, Herzliya. Agenda: DDOS; SPAM; the resemblance vs. uniqueness; the threats in the Internet model; solutions: trends, architectural approach.


Presentation Transcript


  1. SPAM, DDOS: threats in the Internet model. Anat Bremler-Barr, Efi Arazi School of Computer Science, Interdisciplinary Center, Herzliya

  2. Agenda • DDOS • SPAM • The resemblance vs. uniqueness • The threats in the Internet Model • Solutions: • Trends • Architectural approach

  3. Denial of Service: consume the servers'/network's resources • Zombies on innocent computers [Figure labels: infrastructure-level DDoS attacks, server-level DDoS attacks, bandwidth-level DDoS attacks]

  4. SPAM: DDOS on our eyes • Factoid: On average, it takes 4 seconds to process a SPAM message (Ferris Research) • On average, 70% of emails are SPAM • Real cost: lost productivity, additional hardware (bandwidth, software)

  5. DDOS vs SPAM: Aim • DDOS: Harm the network/servers: • Cut off the victim from the Internet. • Kiddies, blackmail, protest • Not legal • SPAM: Economic model • Spread commercial message • Small percentage of responses to recoup costs. • Legal?!

  6. DDOS vs SPAM: Technique • Send a lot of traffic • DDOS: sends a lot of traffic to one victim. • SPAM: sends many emails to many clients • Generally hide the original source of the attack [Figure panels: DDOS, SPAM]

  7. The Characteristics of the Internet that make it so easy to launch attacks • End to End model • No authentication • No Cost • Open services • ISP/User apathy • No reservation vs. Telephone network

  8. Internet Model: End to End model • Distributed and scalable • No wisdom in the network, only at the edges.

  9. End to End model: Solution - Wisdom to the network • Filtering device in the network (not in the client). • DDOS: filtering at the victim is too late. • SPAM: filtering traffic according to SPAM messages already seen in the network. • Riverhead, Commtouch: startups!!!

  10. Internet Model: No authentication • Anyone can pretend to be anyone. • Avoid filtering • Avoid the law • It is so easy to: • Spoof an IP address in a packet • Create fake email accounts and fake domain names. • Spoofing: • DDOS - Spoof IP: pretend to be another IP • SPAM - Spoof domain: pretend to be another domain (avoid filtering) [Figure labels: "I am 777", "123"]

  11. No Authentication: Solution - Anti-spoofing techniques • DDOS • Research: Protocol modification. • Industry: Anti-spoofing techniques. • Firewalls and routers: TCP Intercept • SPAM • Suggestion of a protocol modification that would allow Internet providers to check that a message from joe@example.com actually comes from example.com's server computers • The latest suggestion is from Microsoft

  12. No Authentication: Solution - Microsoft suggests Sender-ID

  13. No Authentication: Solution - Suggestions from the IRTF

  14. Internet Model: Open Services • Open Services: • So easy to create an email account • Use a free proxy (mail/http) • Problem: abuse of the open services • Create short-lived accounts (SPAM): • Hijacked prefixes (spam), short-lived domains (spam), short-lived spoofed domains (spam), temporary accounts (spam) • Use open services: • Open proxy (ddos http) / Mail relay (spam)

  15. Open Services: Solution - Filtering • Closing open services • Filtering open proxies and open emails • ISPs create blacklists

  16. Internet Model: ISP/User apathy • The Internet suffers from: • ISPs that do not care if they are the sources of attacks. • Computers taken over as zombies, since the users did not update the OS with the latest patches.

  17. ISP/User Apathy: Zombies • Zombies/Botnets • Millions of zombies are used for DDOS and SPAM

  18. ISP/User Apathy: Zombies • Phase 1: Creating/choosing your tool: • Major goal: masquerade the tool so it looks like a valid file • Phase 2: Recruiting your army: • Email attachments, chat files, web sites • Phase 3: Attacking (SPAM/DDOS) [Figure labels: attacker, private IRC channel, IRC server, zombies, victim]

  19. ISP/User Apathy: All over the world • 80,000 zombies spread all over the world • Taken from Riverhead presentation: Botnets latest trend

  20. ISP/User Apathy: Solution - Outbound filtering • Outbound filtering: • ISP level • Customer level • Problem: lack of motivation (+ the cost of implementation) • Motivation: • Club and Ban • Legal liability of ISP • Cost

  21. Internet Model: No Cost • The cost of sending traffic/email is essentially zero. • Per ISP • Per computer

  22. No Cost: Solution - Money • Solution: add cost: • Money: stamps or micropayments • Problem: Billing

  23. No Cost: Solution - CPU (Academic) • Increasing the cost in CPU • The receiver provides a puzzle • The sender must send the solution in order for the email to be accepted by the receiver.

  24. No Reservation • No Reservation of resources • No limit of # emails per user • No limit of # packets per user

  25. No Reservation: Solution - Outbound/Inbound filtering • Mitigation using statistical approaches: • Filter out sources that send too much … • Peace-time learning of what is too much

  26. Future Revolution in the internet ?! • My guess: No • Reason: Backward compatibility • Solution: Patches

  27. References • Phil Karn, "End-to-End, Spam, and DoS: Threats to the Model That Made the Internet Great", NANOG 30 • Charles Stiles, "What Will Stop Spam?", NANOG 32, October 2004 • Lecture notes
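The sender check that slide 11 describes (does a message from joe@example.com really come from example.com's servers?), as an added example that is not part of the presentation. It assumes SPF-style `v=spf1` records rather than Sender-ID's own record format, handles only the `ip4`, `ip6` and `all` mechanisms, and reads constructed records from a table instead of DNS; `check_sender` and `TXT` are illustrative names.

```python
import ipaddress

# Constructed TXT records standing in for DNS lookups (offline sample data).
TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all",
    "example.net": "v=spf1 ip4:198.51.100.7 ~all",
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_sender(client_ip: str, mail_from: str, txt=TXT) -> str:
    """Is client_ip authorised to send mail for the domain in mail_from?"""
    domain = mail_from.rpartition("@")[2].lower()
    terms = txt.get(domain, "").split()
    if not terms or terms[0] != "v=spf1":
        return "none"                      # domain publishes no policy
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        # A leading qualifier decides the result when the mechanism matches.
        qualifier = term[0] if term[0] in RESULTS else "+"
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name == "all":
            return RESULTS[qualifier]      # catch-all, usually "-all"
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"         # malformed record
            if ip.version == net.version and ip in net:
                return RESULTS[qualifier]
        else:
            return "permerror"             # a, mx, include need DNS: not modelled
    return "neutral"                       # nothing matched and no "all" term
```

A spoofed domain (slide 10) shows up here as `fail` or `softfail`: the forged address names example.com, but the connecting IP is not in the ranges example.com published.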
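The CPU puzzle from slide 23, as an added example that is not part of the presentation. It assumes a hashcash-style construction (find a counter whose SHA-256 hash has a number of leading zero bits); the `Receiver` class, `solve`, and the 16-bit difficulty are illustrative choices.

```python
import hashlib
import hmac
import itertools
import os

DIFFICULTY_BITS = 16  # assumed cost knob: about 2**16 hashes per message


def leading_zero_bits(digest: bytes) -> int:
    """Count zero bits at the front of a digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits


def solve(puzzle: str) -> int:
    """Sender side: brute-force a counter until the hash is small enough."""
    for counter in itertools.count():
        digest = hashlib.sha256(f"{puzzle}|{counter}".encode()).digest()
        if leading_zero_bits(digest) >= DIFFICULTY_BITS:
            return counter


class Receiver:
    def __init__(self, key: bytes = b""):
        self._key = key or os.urandom(32)   # secret that authenticates puzzles
        self._spent = set()                 # puzzles already redeemed

    def _tag(self, body: str) -> bytes:
        mac = hmac.new(self._key, body.encode(), hashlib.sha256)
        return mac.hexdigest()[:16].encode()

    def issue_puzzle(self, sender: str, recipient: str) -> str:
        body = f"{sender}|{recipient}|{os.urandom(8).hex()}"
        return f"{body}|{self._tag(body).decode()}"

    def accept(self, puzzle: str, solution: int) -> bool:
        body, _, tag = puzzle.rpartition("|")
        if not hmac.compare_digest(tag.encode(), self._tag(body)):
            return False                    # not a puzzle this receiver issued
        if puzzle in self._spent:
            return False                    # one solution pays for one message
        digest = hashlib.sha256(f"{puzzle}|{solution}".encode()).digest()
        if leading_zero_bits(digest) < DIFFICULTY_BITS:
            return False                    # the work was not done
        self._spent.add(puzzle)
        return True
```

Verification costs the receiver one hash, while the sender pays tens of thousands per message; binding the puzzle to the sender/recipient pair and tracking spent puzzles stops one solution from being reused across a bulk run.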
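The statistical filter from slide 25 (learn in peace time what "too much" is, then filter sources above it), as an added example that is not part of the presentation. The threshold rule (mean plus three standard deviations, with a floor, and the median learned limit for unseen sources) and all names and sample counts are assumptions made for illustration.

```python
from statistics import mean, median, pstdev

# Constructed sample data: messages sent per source in four peace-time windows.
PEACE = [
    {"192.0.2.5": 200, "192.0.2.23": 2},   # .5 is a mail gateway, .23 a desktop
    {"192.0.2.5": 190, "192.0.2.23": 3},
    {"192.0.2.5": 210, "192.0.2.23": 1},
    {"192.0.2.5": 205, "192.0.2.23": 2},
]
# Constructed window observed later, with a zombie desktop and a new source.
ATTACK = {"192.0.2.5": 210, "192.0.2.23": 500, "192.0.2.99": 300, "192.0.2.40": 5}


def learn_baseline(peace_windows, k=3.0, floor=10):
    """Return (per-source limits, default limit) learned from quiet traffic."""
    history = {}
    for window in peace_windows:
        for src, count in window.items():
            history.setdefault(src, []).append(count)
    limits = {}
    for src, counts in history.items():
        # Windows in which the source was silent count as zero.
        counts = counts + [0] * (len(peace_windows) - len(counts))
        limits[src] = max(floor, mean(counts) + k * pstdev(counts))
    # Sources never seen in peace time get the median learned limit.
    default = median(limits.values()) if limits else floor
    return limits, default


def filter_window(window, limits, default):
    """Return the sources that sent more than their learned limit."""
    return sorted(s for s, n in window.items() if n > limits.get(s, default))
```

Per-source limits matter here: the gateway's 210 messages are normal for it, while the desktop's 500 are not, and a single global threshold would either miss the desktop or block the gateway.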
