
Final Lab - Spam


Presentation Transcript


  1. Final Lab - Spam. Group 10: Scott Durr, Stephen Thompson

  2. Outline
     • Introduction
     • Set up
     • Obtaining Email Addresses
     • Sending Mass Emails
     • Filtering & Stopping Spam

  3. Introduction
     Almost 90% of email is now considered Spam!
     • Messaging Anti-Abuse Working Group Report #6, Oct 2007
     • Huge drain on resources
     • Strains the infrastructure
     • Distracts/Annoys us all
     • Major delivery mechanism for Malware!

  4. The Costs
     • The State of California estimates Spam cost the state's economy $1.2 billion in 2003. They estimate the entire US suffered a $10 billion loss in that same year.
       • http://www.spamlaws.com/state/ca.shtml
     • That was in 2003…

  5. Our Set Up (network diagram)
     Servers:
     • Host Machine: 57.35.6.131
     • RedHat7.2 Machine: 57.35.6.132
     Clients:
     • WinXP: 57.35.6.133
     • WinXP2: 57.35.6.134

  6. Major Software Packages
     • Apache2 Web Server
     • Sendmail Email Server w/ SpamAssassin
       • Included on lab installs of Redhat 7.2 and Redhat WS 4.0
     • Qpopper
       • POP3 server
     • PINE
     • Outlook Express
       • Included with WinXP
     • Evolution
       • Included with RedHat
     • Spam software:
       • Atomic Email Hunter & Atomic Email Sender

  7. Two Email Servers
     • Set up with slightly different rules for comparison
     • Were NOT able to SMTP between Sendmail servers because Sendmail MUST have DNS running in order to find other servers.
       • We didn't want to tackle the additional setup.
       • We could accomplish what we wanted without it.

  8. Obtaining Email Addresses
     • Many different methods, but we focus on:
       • Email address spider
       • Anonymous FTP trick
       • Verification of Email addresses at the server

  9. Email Address Spiders
     • Crawl the web and copy anything that looks like an email address.
     • Implemented a basic one with wget and grep, using a regular expression:
       wget -rFO lotsofhtml.txt http://localhost/
       egrep -rhoie '[[:alnum:]\.\-\_]+\@[[:alnum:]\.\-]+\.[a-zA-Z]{2,3}' lotsofhtml.txt
       • That regex is: [[:alnum:]\.\-\_]+\@[[:alnum:]\.\-]+\.[a-zA-Z]{2,3}
     • Example

  10. "Atomic Email Hunter"
     • Commercial Windows program that implements an email address spider.
     • Tested on the same dummy websites as our homemade one.
     • Has a lot more features.

  11. Anonymous FTP
     • A throwback from the days of old: Anonymous FTP logins require an email address as a password!
     • Set up your web page to grab images via FTP vice HTML and some browsers will cough up an email address.
     • Tested on Mozilla and IE: they give dummy addresses.

  12. Verifying Email Addresses
     • Why is this important?
       • A "good" email list will minimize alerts that might catch the spammer.
       • Allows for a 'guess and test' method of email address discovery.
     • VRFY and EXPN
       • Ask the server if an address is good (VRFY)
       • Ask the server about an alias/list (EXPN)
       • Disable these!

  13. Verifying Email Addresses
     • During the SMTP exchange, you pass a "TO" address to the server. It will come back and tell you if it is good!
     • Email header implemented by many clients:
       Return-Receipt-To: <email-address>
       X-Confirm-Reading-To: <email-address>
     Make sure you disable these as defaults in Outlook and others!
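The two verification slides recommend disabling VRFY and EXPN. The following is an added example (not code from the lab or from Sendmail) that models what that change does on the wire: in permissive mode the server's answers reveal which users and aliases exist, in hardened mode VRFY gets a non-committal 252 and EXPN is refused, which is the behaviour RFC 5321 suggests. A second helper counts VRFY/EXPN commands in a session transcript so an administrator can spot address-guessing runs. The user table, alias table, domain, session transcript and threshold are all constructed for the illustration.

```python
"""Model of VRFY/EXPN handling: leaking (permissive) vs hardened replies.

Added example for the spam lab; not part of the original deck or of any
real mail server. Tables and thresholds below are constructed.
"""
import re

DOMAIN = "example.test"                                   # hypothetical domain
LOCAL_USERS = {"alice", "bob"}                            # constructed user table
ALIASES = {"staff": ["alice@example.test", "bob@example.test"]}  # constructed alias

# Matches "VRFY user", "VRFY <user@host>", "EXPN list" (case-insensitive).
CMD_RE = re.compile(r"^(VRFY|EXPN)\s+<?([^>\s]+)>?\s*$", re.IGNORECASE)


def handle_verification(line, hardened=True):
    """Return the SMTP reply text for one VRFY/EXPN command line.

    hardened=False reproduces the information leak described on the slides:
    each answer confirms or denies that an address or alias exists.
    hardened=True always answers VRFY with 252 (neither confirm nor deny)
    and refuses EXPN outright, so nothing can be learned by guessing.
    """
    m = CMD_RE.match(line)
    if not m:
        return "500 5.5.1 Command unrecognized"
    verb, arg = m.group(1).upper(), m.group(2)

    if hardened:
        if verb == "VRFY":
            return "252 2.1.5 Cannot VRFY user; try RCPT to attempt delivery"
        return "502 5.5.1 EXPN not supported"

    # Permissive mode: look the local part up and tell the client the truth.
    local = arg.split("@", 1)[0]
    if verb == "VRFY":
        if local in LOCAL_USERS:
            return f"250 2.1.5 <{local}@{DOMAIN}>"
        return "550 5.1.1 User unknown"
    members = ALIASES.get(local)
    if not members:
        return "550 5.1.1 List unknown"
    # Multi-line reply: "250-" continuation lines, "250 " on the last one.
    lines = [f"250-{a}" for a in members[:-1]] + [f"250 {members[-1]}"]
    return "\r\n".join(lines)


def flag_probing(session_lines, threshold=5):
    """Count VRFY/EXPN commands in one client session; flag at >= threshold.

    Returns (count, flagged). The threshold is a constructed tuning value:
    legitimate clients almost never issue these commands at all.
    """
    count = sum(1 for line in session_lines if CMD_RE.match(line))
    return count, count >= threshold


# Constructed session transcript showing an address-guessing pattern.
PROBE_SESSION = [
    "HELO probe.example",
    "VRFY alice", "VRFY bob", "VRFY carol", "VRFY dave",
    "EXPN staff", "EXPN all",
    "QUIT",
]

if __name__ == "__main__":
    for cmd in ("VRFY alice", "VRFY carol", "EXPN staff"):
        print(f"{cmd:12} permissive -> {handle_verification(cmd, hardened=False)!r}")
        print(f"{cmd:12} hardened   -> {handle_verification(cmd)!r}")
    print("probe session:", flag_probing(PROBE_SESSION))
```

The hardened branch is the policy the slide asks for; the permissive branch exists only to make the difference visible side by side. The probe counter is deliberately simple (one session, one threshold) so that it can be dropped into a log-review script.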

  14. Defeating those Email Spiders
     • Two choices
       • Hide your email address
       • Actively counter spiders

  15. Hide your email address
     • Use script to return an email address instead of putting the address in code.
     • ECE does this for their faculty!
     • Great example, courtesy of Mr. Tim Williams at U. Arizona: http://www.u.arizona.edu/~trw/spam/spam4.htm
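A quick way to check whether this slide's advice has actually been applied is to run the same pattern the lab's spider uses (slide 9) over your own pages and see what it pulls out. Below is an added example, not code from the lab or from the U. Arizona page: the egrep pattern is rewritten for Python's re module (POSIX [[:alnum:]] becomes A-Za-z0-9), and two constructed HTML fragments are compared, one with the address written into the markup and one where a small script assembles it at load time. The addresses and file names under example.edu are made up for the illustration.

```python
"""Audit HTML for addresses a simple spider would harvest.

Added example for the spam lab; not the lab's own code. The regex is the
slide-9 egrep pattern translated to Python syntax; the HTML is constructed.
"""
import re

# Slide-9 pattern: [[:alnum:]\.\-\_]+\@[[:alnum:]\.\-]+\.[a-zA-Z]{2,3}
SPIDER_RE = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,3}", re.IGNORECASE)

# Constructed page 1: address written directly into the markup (harvestable).
PLAIN_HTML = """<p>Contact: <a href="mailto:jdoe@example.edu">jdoe@example.edu</a></p>
<p>Office: ece-office@example.edu</p>"""

# Constructed page 2: the address is assembled by script when the page
# renders, so the raw HTML a spider downloads never contains user@host.
SCRIPTED_HTML = """<p>Contact: <span id="c"></span></p>
<script>
  var u = "jdoe", d = "example" + "." + "edu";
  document.getElementById("c").innerHTML =
    '<a href="mailto:' + u + '@' + d + '">' + u + '@' + d + '</a>';
</script>"""


def harvestable_addresses(html):
    """Return the unique addresses the spider regex finds in raw HTML."""
    return sorted({m.group(0) for m in SPIDER_RE.finditer(html)})


def audit_site(pages):
    """Map page name -> list of exposed addresses, for a dict of name -> html."""
    return {name: harvestable_addresses(html) for name, html in pages.items()}


if __name__ == "__main__":
    report = audit_site({"plain.html": PLAIN_HTML, "scripted.html": SCRIPTED_HTML})
    for name, found in report.items():
        status = "EXPOSED" if found else "clean"
        print(f"{name:14} {status:8} {found}")
```

The scripted variant only defeats spiders that read the raw HTML, which is what the wget/grep spider and, per the slide, most harvesters do; the rendered page still shows a working mailto link to a human reader.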

  16. WPoison
     • Available at http://www.monkeys.com/wpoison/
     • Actively thwarts spiders by generating random pages with more links and email addresses.
     • Each link leads right back to WPoison!
       • Run the spider in a circle, filling it with garbage.
     • We have a video

  17. WPoison Movie

  18. Sending Mass Emails
     • Methods
       1. Use your own (school/isp) SMTP server
          • You will probably get caught and shut down!
       2. Use another, third party SMTP server
          • You will probably be blocked from Relaying
       3. Connect directly to the recipient's server
          • This takes some work, and you might get blacklisted
       4. Do any of the above via a Bot Net
          • Even if you get caught, you don't get blocked!

  19. Our Simulations (network diagram)
     Method #1: Use your SMTP Server
     Method #2: Use a Third Party SMTP Server
     Method #3: Connect Directly to Victim's SMTP Server
     Method #4: Bot Net
     Servers:
     • Host Machine: 57.35.6.131
     • RedHat7.2 Machine: 57.35.6.132 (labelled "Fictional yahoo.com")
     Clients:
     • WinXP: 57.35.6.133
     • WinXP2: 57.35.6.134

  20. Mass Email Countermeasures
     • Limit who can send on your server
       • Only users on the domain can "RELAY"
     • Use a blacklist to prevent connections from known spammers
     • Filter messages as they come in

  21. SpamAssassin
     • Open source & extremely common
     • Very complex
       • Lots of rules
       • Uses scores to determine what is spam
       • Has learning capabilities
     • Can connect to services to receive rules and blacklists
       • www.spamhaus.org
     • More info at: http://spamassassin.apache.org

  22. SpamAssassin in the Lab
     • We walk through the setup of some basic rules.
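Slides 21 and 22 describe SpamAssassin's model: many named rules, each adding (or subtracting) a score, with a message marked as spam once the total reaches a threshold. The lab's actual rule walkthrough is not on this page, so the following is an added example that re-implements that scoring model in Python; it is not SpamAssassin's code and not the lab's configuration. The rule names, scores, the whitelisted domain and the two sample messages are constructed; the 5.0 threshold matches SpamAssassin's default required_score, and the X-Spam-Status line mimics the header SpamAssassin adds.

```python
"""Minimal SpamAssassin-style scorer: named rules, per-rule scores, threshold.

Added example for the spam lab; not SpamAssassin itself. Rules, scores,
whitelisted domain and sample messages are constructed for illustration.
"""
import re
from email import message_from_string

REQUIRED_SCORE = 5.0  # SpamAssassin's default required_score


def _subject(msg):
    return msg.get("Subject", "")


def _body(msg):
    payload = msg.get_payload()
    return payload if isinstance(payload, str) else ""


# (rule name, score, test). Negative scores act like a whitelist entry,
# mirroring SpamAssassin's practice of mixing positive and negative rules.
RULES = [
    ("MISSING_MSGID", 1.5, lambda m: m.get("Message-ID") is None),
    ("SUBJ_DRUG_OBFUSCATED", 2.5, lambda m: re.search(
        r"v[\W_]*i[\W_]*a[\W_]*g[\W_]*r[\W_]*a", _subject(m), re.I) is not None),
    ("BODY_CLICK_HERE", 1.2, lambda m: re.search(
        r"click\s+here", _body(m), re.I) is not None),
    ("BODY_SHOUTING", 1.0, lambda m: re.search(
        r"\b[A-Z]{6,}\b", _body(m)) is not None),
    ("WHITELIST_FROM_LOCAL", -4.0, lambda m: m.get(
        "From", "").lower().endswith("@example.edu")),   # constructed domain
]


def score_message(raw):
    """Return (total score, list of rule names that fired) for one RFC 822 message."""
    msg = message_from_string(raw)
    hits = [(name, s) for name, s, test in RULES if test(msg)]
    total = round(sum(s for _, s in hits), 1)
    return total, [name for name, _ in hits]


def spam_status_header(raw, required=REQUIRED_SCORE):
    """Build an X-Spam-Status line in the style SpamAssassin adds to messages."""
    total, hits = score_message(raw)
    verdict = "Yes" if total >= required else "No"
    return f"X-Spam-Status: {verdict}, score={total} required={required} tests={','.join(hits)}"


# Constructed sample messages (headers, blank line, body).
SPAM_MSG = (
    "From: deals@promo.example\n"
    "To: victim@example.edu\n"
    "Subject: V-I-A-G-R-A at LOW PRICES\n"
    "\n"
    "CLICK HERE now for AMAZING savings!!!\n"
)

HAM_MSG = (
    "From: prof@example.edu\n"
    "To: student@example.edu\n"
    "Subject: Final Lab grading\n"
    "Message-ID: <123@example.edu>\n"
    "\n"
    "Please click here to view the rubric.\n"
)

if __name__ == "__main__":
    for label, raw in (("spam sample", SPAM_MSG), ("ham sample", HAM_MSG)):
        print(label, "->", spam_status_header(raw))
```

The ham sample trips the same "click here" rule as the spam sample, but the negative whitelist score pulls it well under the threshold; that interplay between many small positive rules and a few strong negative ones is the point of the scoring approach the slide describes.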

  23. Your Last Line of Defense…
     • The email client
     • Web-based email clients can rapidly aggregate feedback and build more responsive filters.
       • Gmail, Yahoo, Hotmail, etc.

  24. In the Lab Summary
     • Set up Servers
     • Harvest emails
       • Email Address Spiders: wget/grep & Atomic
       • FTP method
       • Experiment with address verification
     • Send mass emails through each scenario
       • Use manual connection and Atomic Email Sender
     • Implement some countermeasures
       • RELAY limitations
       • WPoison
       • Hide Email Addresses
       • Install, setup, and test SpamAssassin

  25. Questions?
