
This is an Open Access publication published under CSC-OpenAccess Policy.
DDoS Protections for SMTP Servers
Michael Still, Eric Charles McCreath
Pages - 537 - 550     |    Revised - 31-01-2011     |    Published - 08-02-2011
Volume - 4   Issue - 6    |    Publication Date - January / February
Distributed Denial of Service, Email, Simple Mail Transfer Protocol, Survey Paper
Many businesses rely on email of some form for their day-to-day operation. This is especially true for product support organizations, which are largely unable to perform their role in the company if their inboxes are flooded with malicious email, or if important email is delayed because of the processing of attack traffic. Simple Mail Transfer Protocol (SMTP) is the Internet protocol for the transmission of these emails. Denial of Service (DoS) attacks are deliberate attempts by an attacker to disrupt the normal operation of a service with the goal of stopping legitimate requests for the service from being processed. This disruption normally takes the form of large delays in responding to requests, dropped requests, and other service interruptions. In this paper we explore the current state of research into Distributed Denial of Service (DDoS) attack detection, protection and mitigation for SMTP servers connected to the Internet. We find that whilst there has been significant research into DDoS protection and detection generally, much of it is not relevant to SMTP servers. During our survey we found only two papers directly addressing defending SMTP servers against such attacks.
CITED BY (4)  
1 Bou-Harb, E., Pourzandi, M., Debbabi, M., & Assi, C. (2013). A secure, efficient, and cost-effective distributed architecture for spam mitigation on LTE 4G mobile networks. Security and Communication Networks, 6(12), 1478-1489.
2 Wang, D., Chen, D., & Guo, R. (2013). DDoS mitigation in content distribution networks. International Journal of Wireless and Mobile Computing, 6(5), 508-514.
3 Cartier, G., Cartier, J. F., & Fernandez, J. M. (2013). Next-generation dos at the higher layers: A study of smtp flooding. In Network and System Security (pp. 149-163). Springer Berlin Heidelberg.
4 E. B. Harb, “A Distributed Architecture for Spam Mitigation on 4g Mobile Networks”, Thesis For Master Of Applied Science (Information Systems Security), The Concordia Institute For Information Systems Engineering (Ciise), Concordia University Montréal, Québec, Canada, September 2011.
Mr. Michael Still
- Australia
Dr. Eric Charles McCreath
ANU - Australia