2010 b5 spam source detection at home
TRANSCRIPT
- 1. Spam Source Detection at Home (SSD@Home) : [email protected]
- 2. Who am I? A programmer. C/C++, Win32 SDK, Linux Kernel Programming. A CEH. Anti-Botnet BoT.
- 3. Anti-Botnet
- 4. Anti-Botnet
- 5. Anti-Botnet
- 6. Anti-Botnet: Botnet IDS rule set
- 7. Anti-Botnet: Spam Source List.
- 8. Anti-Botnet
- 9. Anti-Botnet: Port Scan
- 10. Anti-Botnet
- 11. Anti-Botnet: Bot-like host distribution.
- 12. Anti-Botnet
- 13. Anti-Botnet : http://anti-botnet.edu.tw/ (TANet)
- 14. 1. SPAM 2. 3. 4. 5.
- 15. 1. SPAM
- 16. 1. SPAM: The Matrix. Cloud + = Matrix?
- 17. 1. SPAM: Spam Source. SPAM? SPAM (@_@)
- 18. 2. Botnet Honeypot
- 19. 2. Port Scan: port scan log, port scan target ports
- 20. 2. Port Scan Target Port Top 20 (2009/09-2009/12). Web Honeypot. port 25, right?
- 21. 2. raw data
- 22. 2. Port 25: 1. port 25 Nessus 2. Open Relay? ! SMTP Server
- 23. 2. RFC 821(?) mail server: HoneySMTPd
- 24. 2. SMTP
- 25. 2. HoneySMTPd: 1000 (in C). Trust me, you can make it too.
- 26. 4 pages.
- 27. 2. !?
- 28. 3. HoneySMTPd Open Relay
- 29. 3. HoneySMTPd 12: email address breakdown (chart): Hinet 50.43%, Yahoo 41.01%, Others 8.56%
- 30. 3. email? email: google
- 31. 3. SPAM Log List
- 32. 3. url
- 33. 3. HoneySMTPd: 78 SPAM-bot IP addresses (HoneySMTPd)
- 34. 3.
- 35. 3. botnet traffic: HoneySMTPd traffic, 120M SPAM traffic
- 36.
- 37.
- 38. 3. HoneySMTPd + public IP (port 25), 12, SPAM, 78 SPAM bot IP, 120M pure SPAM traffic. SETI@home
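The honeypot sketched in parts 2 and 3 (a fake RFC 821 mail server that answers every MAIL FROM and RCPT TO the way an open relay would, never delivers anything, keeps the spam-bot IP, sender, recipients and message body, and then lets you tally recipient domains the way slide 29 does) can be shown end to end in a short state machine. The block below is an added example written for this page; it is not HoneySMTPd (which the slides say is written in C, roughly 1000 of something), and the class and function names (SmtpHoneypot, RelayRecord, run_session, domain_tally), the hostname relay.example, the local port 2525 and the sample client dialogue are all assumptions constructed for the illustration.

```python
from collections import Counter
from dataclasses import dataclass, field
import socketserver

@dataclass
class RelayRecord:
    """Per-session evidence the honeypot keeps (hypothetical class)."""
    client_ip: str
    helo: str = ""
    mail_from: str = ""
    rcpt_to: list = field(default_factory=list)
    data: str = ""
    complete: bool = False

def _addr(arg):  # 'FROM:<a@b>' or 'TO:<c@d>' -> 'a@b'
    return arg.partition(":")[2].strip().strip("<>")

class SmtpHoneypot:
    """One fake open-relay SMTP session (hypothetical; not HoneySMTPd's code)."""
    def __init__(self, client_ip, hostname="relay.example"):
        self.rec = RelayRecord(client_ip=client_ip)
        self.hostname = hostname
        self.greeting = f"220 {hostname} ESMTP ready"
        self.in_data, self.buf, self.closed = False, [], False

    def handle(self, line):
        """Consume one client line; return the reply, or None inside DATA."""
        line = line.rstrip("\r\n")
        if self.in_data:
            if line == ".":
                self.in_data, self.rec.complete = False, True
                self.rec.data = "\n".join(self.buf)
                return "250 OK: queued"  # claimed, never actually delivered
            # RFC 821 dot-stuffing: a line received as '..x' means '.x'
            self.buf.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.rec.helo = arg.strip()
            return f"250 {self.hostname}"
        if verb == "MAIL":
            self.rec.mail_from = _addr(arg)
            return "250 OK"
        if verb == "RCPT":
            # A real server refuses foreign recipients here; accepting all is
            # exactly what makes the honeypot look like an open relay.
            self.rec.rcpt_to.append(_addr(arg))
            return "250 OK"
        if verb == "DATA":
            if not self.rec.rcpt_to:
                return "503 bad sequence of commands"
            self.in_data, self.buf = True, []
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            self.closed = True
            return "221 Bye"
        return "500 command not recognized"

def run_session(client_ip, client_lines):
    """Drive one session from a list of client lines; return (replies, record)."""
    hp = SmtpHoneypot(client_ip)
    replies = [hp.greeting]
    for ln in client_lines:
        reply = hp.handle(ln)
        if reply is not None:
            replies.append(reply)
        if hp.closed:
            break
    return replies, hp.rec

def domain_tally(records):
    """Recipient-domain counts over completed records (the Hinet/Yahoo/Others split)."""
    tally = Counter()
    for rec in records:
        for addr in (rec.rcpt_to if rec.complete else []):
            tally[addr.rpartition("@")[2].lower()] += 1
    return tally

SAMPLE_CLIENT = [  # constructed, not captured data: a bot probing for a relay
    "HELO bot.example", "MAIL FROM:<spammer@example.invalid>",
    "RCPT TO:<user@hinet.example>", "RCPT TO:<other@yahoo.example>",
    "DATA", "Subject: test relay", "", "..leading dot preserved", "body", ".", "QUIT",
]

class _Handler(socketserver.StreamRequestHandler):
    """Optional TCP front end: run this file, then talk SMTP to 127.0.0.1:2525."""
    def handle(self):
        hp = SmtpHoneypot(self.client_address[0])
        self.wfile.write((hp.greeting + "\r\n").encode())
        for raw in self.rfile:
            reply = hp.handle(raw.decode("latin-1"))
            if reply is not None:
                self.wfile.write((reply + "\r\n").encode())
            if hp.closed:
                break
        print(hp.rec)  # in practice: append to the spam source log list

if __name__ == "__main__":
    print(*run_session("192.0.2.10", SAMPLE_CLIENT), sep="\n")
    socketserver.TCPServer(("127.0.0.1", 2525), _Handler).serve_forever()
```

Feeding SAMPLE_CLIENT to run_session returns both sides of the exchange plus the RelayRecord; the record (source IP, HELO name, envelope addresses, body), not any delivered mail, is what the spam source log list on slide 31 is made of, and domain_tally over many records gives the kind of Hinet/Yahoo/Others breakdown on slide 29. A DATA command before any RCPT TO gets the 503 a real server would give, so a bot that checks sequencing still sees plausible behaviour. The listener binds to localhost on purpose; putting it on a public IP on port 25 is the deployment step the slides describe.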
- 39. 4. Single Honeypot, Cooperative Honey Cloud, Honeypot Detection Cloud: Detection as a Service (DaaS) (IDS rule)
- 40. 4. Honeypot Log
- 41. 4. HoneySMTPd Open Source 2010/08. Honey Cloud log: Map/Reduce
- 42. 4. The Anti-Botnet Project of TANet
- 43. 1. SPAM Source: Open Relay mail server? 2. (~) 3. HoneySMTPd IP: TANet SPAM relay?
- 44. 1. Anti-Botnet Project / 2. Botnet 4. HoneySMTPd Open Source 5. HoneySMTPd
- 45. Thanks for your attention. Q&A. As the host of heaven cannot be numbered, neither the sand of the sea measured. Jer 33:22