SPAM, DDOS: threats in the Internet model. Anat Bremler-Barr, Efi Arazi School of Computer Science, Interdisciplinary Center, Herzliya
Agenda • DDOS • SPAM • The resemblance vs. uniqueness • The threats in the Internet Model • Solutions: • Trends • Architectural approach
Denial of Service: consume the server/network resources • Infrastructure-level DDoS attacks • Server-level DDoS attacks • Bandwidth-level DDoS attacks • Zombies on innocent computers
SPAM: DDOS on our eyes • Factoid: On average, it takes 4 seconds to process a SPAM message (Ferris Research) • On average, 70% of emails are SPAM • Real cost: lost productivity, additional hardware (bandwidth, software)
DDOS vs SPAM: Aim • DDOS: Harm the network/servers: • Cut off the victim from the Internet. • Kiddies, blackmail, protest • Not legal • SPAM: Economic model • Spread commercial message • Small percentage of responses to recoup costs. • Legal ?!
DDOS vs SPAM: Technique • Send a lot of traffic • DDOS: sends a lot of traffic to one victim. • SPAM: sends many emails to many clients • Generally hide the original source of the attack [Figure: two Internet diagrams, labelled DDOS and SPAM]
The Characteristics of the Internet that make it so easy to launch attacks • End to End model • No authentication • No Cost • Open services • ISP/User apathy • No reservation vs. Telephone network
Internet Model: End to End model • Distributed and scalable • No wisdom in the network, only at the edges.
End to End model: Solution - Wisdom to the network • Filtering device in the network (not in the client). • DDOS – filtering at the victim is too late. • SPAM – filtering traffic according to SPAM messages already seen in the network. • Startups!!! (Riverhead, Commtouch)
Internet Model: No authentication • Anyone can pretend to be anyone. • Avoid filtering • Avoid the law • It is so easy to: • Spoof an IP address in a packet • Create fake email accounts and fake domain names. • Spoofing: • DDOS - Spoof IP – Pretend to be another IP • SPAM - Spoof domain – Pretend to be another domain (avoid filtering) [Figure: host 123 announcing "I am 777"]
No Authentication: Solution - Anti-spoofing techniques • DDOS • Research: Protocol modification. • Industry: Anti-spoofing techniques. • Firewalls and routers – TCP Intercept • SPAM • Suggested protocol modification that would allow Internet providers to check that a message from joe@example.com actually comes from example.com's server computers • The latest suggestion is from Microsoft
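The sender check proposed on this slide, sketched as an added example (not code from the talk or from any of the proposals it mentions). The `PUBLISHED` table, its record layout and the function names are assumptions standing in for whatever a domain would really publish.

```python
import ipaddress

# Constructed stand-in for the records each domain would publish (e.g. in DNS):
# the networks its outbound mail servers live in.
PUBLISHED = {
    "example.com": ["192.0.2.0/28", "2001:db8:10::/48"],
    "example.org": [],   # publishes a record saying no host sends mail for it
}


def sender_domain(mail_from):
    """Domain part of an envelope sender, lower-cased; None if malformed."""
    local, at, domain = mail_from.strip().rpartition("@")
    domain = domain.rstrip(".").lower()
    return domain if at and local and domain else None


def check_sender(mail_from, client_ip, published=PUBLISHED):
    """Return 'pass', 'fail' or 'none' for one SMTP connection.

    'none' means the domain published nothing, so the claim can be neither
    confirmed nor refuted and other filters have to decide.
    """
    domain = sender_domain(mail_from)
    if domain is None or domain not in published:
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for cidr in published[domain]:
        if ip in ipaddress.ip_network(cidr):   # False when IPv4/IPv6 versions differ
            return "pass"
    return "fail"
```

A "pass" authenticates the domain's servers, not the mailbox "joe", and short-lived domains registered by the spammer can publish records that pass.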
No Authentication: Solution - Suggestions from the IRTF
Internet Model: Open Services • Open Services: • So easy to create an email account • Use free proxy (mail/http) • Problem: abuse of the open services • Create short-lived accounts (SPAM): • Hijacked prefixes (spam), short-lived domains (spam), short-lived spoofed domains (spam), temporary accounts (spam) • Use open services: • Open proxy (DDOS http) / Mail relay (spam)
Open Services: Solution – Filtering • Closing open services • Filtering open proxies and open emails • ISPs create blacklists
Internet Model: ISP/User apathy • The Internet suffers from: • ISPs that do not care if they are the sources of attacks. • Computers that are taken over as zombies, because their users did not update the OS with the latest patches.
ISP\User Apathy: Zombies • Zombies\Botnets • Millions of zombies are used for DDOS and SPAM
ISP\User Apathy: Zombies • Phase 1: Creating/choosing your tool: • Major goal: Masquerade the tool so it looks like a valid file • Phase 2: Recruiting your army: • Email attachments, chat files, web sites • Phase 3: Attacking (SPAM/DDOS) [Figure: attacker, private IRC channel on an IRC server, zombies, victim]
ISP\User Apathy: All over the world • 80,000 zombies spread all over the world • Taken from Riverhead presentation: Botnets latest trend
ISP\User Apathy: Solution - Outbound filtering • Outbound filtering: • ISP level • Customer level • Problem: lack of motivation (+ the cost of implementation) • Motivation: • Club and Ban • Legal liability of ISP • Cost
Internet Model: No Cost • The cost of sending traffic/email is essentially zero. • Per ISP • Per computer
No Cost: Solution - Money • Solution: add cost: • Money: stamps or micropayments • Problem: Billing
No Cost: Solution - CPU (Academic) • Increasing the CPU cost • Receiver provides a puzzle • Sender must send the solution in order for the email to be accepted by the receiver.
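A minimal version of the puzzle exchange on this slide, added here as an illustration and not taken from the talk. The hash-prefix puzzle, the 16-bit difficulty, the one-hour lifetime and all function names are assumptions; the slide does not say which puzzle is meant.

```python
import hashlib
import hmac
import os
import time

BITS = 16                    # assumed work factor: about 2**16 hashes per message
MAX_AGE = 3600               # assumed lifetime of a challenge, in seconds
SERVER_KEY = os.urandom(32)  # receiver's secret; makes challenges unforgeable
_used = set()                # challenges already redeemed (one solution, one email)

def _tag(body):
    return hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()[:32]

def _zero_bits(challenge, nonce):
    digest = hashlib.sha256(f"{challenge}|{nonce}".encode()).digest()
    return 256 - int.from_bytes(digest, "big").bit_length()

def issue_challenge(sender, recipient, now=None):
    """Receiver: bind the puzzle to this sender, recipient and issue time."""
    ts = int(time.time()) if now is None else now
    body = f"{sender}|{recipient}|{ts}|{os.urandom(8).hex()}"
    return f"{body}|{_tag(body)}"

def solve(challenge, bits=BITS):
    """Sender: brute-force the smallest nonce; this loop is the CPU cost."""
    nonce = 0
    while _zero_bits(challenge, nonce) < bits:
        nonce += 1
    return nonce

def verify(challenge, nonce, bits=BITS, now=None):
    """Receiver: one HMAC and one hash, no matter how long solving took."""
    body, _, tag = challenge.rpartition("|")
    if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
        return False                      # not a challenge we issued
    try:
        issued = int(body.split("|")[2])
    except (IndexError, ValueError):
        return False
    current = int(time.time()) if now is None else now
    if current - issued > MAX_AGE or challenge in _used:
        return False                      # expired, or solution replayed
    if _zero_bits(challenge, nonce) < bits:
        return False
    _used.add(challenge)
    return True
```

The asymmetry is the point: the sender pays tens of thousands of hashes per recipient, the receiver pays two. A zombie army pays with stolen CPU, which limits how much this raises the real cost of SPAM.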
No Reservation • No Reservation of resources • No limit of # emails per user • No limit of # packets per user
No Reservation: Solution - Outbound\Inbound filtering • Mitigation using statistical approaches: • Filter out sources that send too much … • Peace-time learning of what is too much
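One way to turn "peace-time learning" into a filter, as an added sketch that is not part of the original slides. The mean-plus-three-standard-deviations rule, the floor of 5, the median default for unseen sources and the sample traffic are all assumptions.

```python
from collections import Counter
from statistics import mean, median, pstdev

K = 3.0     # assumed tolerance: mean + K standard deviations
FLOOR = 5   # assumed minimum limit, so quiet sources are not flagged over 2 messages


def make_events(window, counts):
    """Constructed sample traffic: one (window, source) tuple per message or packet."""
    return [(window, src) for src, n in counts.items() for _ in range(n)]


def learn_baseline(peace_events):
    """Peace-time learning: a limit per known source and a default for strangers."""
    windows = sorted({w for w, _ in peace_events})
    tally = Counter(peace_events)
    limits = {}
    for src in {s for _, s in peace_events}:
        per_window = [tally[(w, src)] for w in windows]  # silent windows count as 0
        limits[src] = max(FLOOR, mean(per_window) + K * pstdev(per_window))
    # The median keeps one legitimately heavy sender from inflating the default.
    return limits, median(limits.values())


def sources_to_filter(window_events, limits, default):
    """Return {source: (count, limit)} for sources over their limit in one window."""
    sent = Counter(src for _, src in window_events)
    return {s: (n, limits.get(s, default)) for s, n in sent.items()
            if n > limits.get(s, default)}


# Constructed data: two ordinary users, one busy mailing-list server, four quiet windows.
USER_A, USER_B, LIST_SRV, NEWCOMER = "192.0.2.10", "192.0.2.11", "198.51.100.5", "203.0.113.77"
PEACE = (make_events(0, {USER_A: 2, USER_B: 1, LIST_SRV: 40})
         + make_events(1, {USER_A: 3, USER_B: 0, LIST_SRV: 45})
         + make_events(2, {USER_A: 2, USER_B: 2, LIST_SRV: 38})
         + make_events(3, {USER_A: 3, USER_B: 1, LIST_SRV: 42}))
# Window 4: USER_B has become a zombie and a never-seen source appears.
ATTACK = make_events(4, {USER_A: 3, USER_B: 60, LIST_SRV: 44, NEWCOMER: 30})

if __name__ == "__main__":
    limits, default = learn_baseline(PEACE)
    for src, (count, limit) in sorted(sources_to_filter(ATTACK, limits, default).items()):
        print(f"filter {src}: sent {count}, learned limit {limit:.1f}")
```

The mailing-list server sends more than the zombie's normal self ever did and is still left alone, because each source is judged against its own history. Spoofed sources defeat per-source counting, which is why this sits alongside the anti-spoofing slide.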
Future Revolution in the internet ?! • My guess: No • Reason: Backward compatibility • Solution: Patches
References • Phil Karn, “End-to-end, Spam, and DoS: Threats to the Model That Made the Internet Great”, NANOG 30 • Charles Stiles, “What Will Stop Spam?”, NANOG 32, October 2004 • Lecture notes