14_email - E-mail Security Peter Sjödin [email protected] Based on...

1 E-mail Security
Peter Sjödin [email protected]
Based on material by Vitaly Shmatikov, Univ. of Texas, and by the previous course teachers

2 E-mail Security
• Overview and e-mail spoofing
• Design considerations
• PGP
• S/MIME

3 Simple Mail Transfer Protocol (SMTP)
• SMTP delivers mail to a user’s mailbox
– Normally via an outgoing SMTP mail server
– Store and forward
• X.400 terminology
– Mail Transfer Agent (MTA): “mail server”
– User Agent (UA): “client”

4 Mail Format
• Plain text
• RFC 822
• MIME extension for encoding of non-text data
– Multipurpose Internet Mail Extension

    MAIL FROM: [email protected]
    RCPT TO: [email protected]

    From: Alice
    To: Bob
    Date: 2004-02-19 08:01
    Subject: Important mail

    Please read carefully!

5 MIME
• Content formats and transfer encodings
– Binary (non-text) objects (binary files)
– Non-ASCII text
– Multi-part message bodies
• Integration of security and MIME has had a large influence on the evolution of e-mail security protocols

    MIME-version: 1.0
    Content-type: multipart/mixed; boundary="frontier"

    This is a multi-part message in MIME format.
    --frontier
    Content-type: text/plain

    This is the body of the message.
    --frontier
    Content-type: application/octet-stream
    Content-transfer-encoding: base64

    PGh0bWw+CiAgPGhlYWQ+CiAgPC9oZWFkPgogIDxib2R5PgogICAgPHA+VGhpcyBpcyB0aGUg
    Ym9keSBvZiB0aGUgbWVzc2FnZS48L3A+CiAgPC9ib2R5Pgo8L2h0bWw+Cg==
    --frontier--

From Wikipedia

6 Email Spoofing
• Mail is sent via SMTP protocol
– No built-in authentication
• MAIL FROM field is set by the sender
– Classic example of improper input validation
• Recipient’s mail server only sees IP address of the direct peer from whom it received the message

7 Open Relays
• SMTP relay forwards mail to destination
1. Bulk email tool connects via SMTP (port 25)
2. Sends list of recipients via RCPT TO command
3. Sends email body (once for all recipients!)
4. Relay delivers message
• Honest relay adds correct Received: header revealing source IP
– Hacked relay does not

8 A Closer Look at Spam

    Received: by 10.78.68.6 with SMTP id q6cs394373hua;
        Mon, 12 Feb 2007 06:43:30 -0800 (PST)
    Received: by 10.90.113.18 with SMTP id l18mr17307116agc.1171291410432;
        Mon, 12 Feb 2007 06:43:30 -0800 (PST)
    Return-Path: <[email protected]>
    Received: from onelinkpr.net ([203.169.49.172])
        by mx.google.com with ESMTP id 30si11317474agc.2007.02.12.06.43.18;
        Mon, 12 Feb 2007 06:43:30 -0800 (PST)
    Received-SPF: neutral (google.com: 203.169.49.172 is neither permitted nor denied by best guess record for domain of [email protected])
    Message-ID: <[email protected]>
    From: "Barclay Morales" <[email protected]>
    To: <[email protected]>
    Subject: You can order both Viagra and Cialis.

Slide annotations: Inserted by relays; Puerto Rico; Mongolia; Bogus!

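The spoofing and open-relay slides imply a simple rule for reading a header listing like the one above: only the Received: lines written by your own servers can be trusted, and everything beneath them arrived as sender-supplied content. The following Python sketch is an added example, not part of the original slides; the sample message, the `TRUSTED_MTAS` set and the `analyze` and `domain_of` helpers are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (example domains, documentation IPs); newest hop first.
RAW = """\
Received: by mx.example.org with SMTP id aaa1; Mon, 12 Feb 2007 06:43:30 -0800
Received: from mail.sender.example ([203.0.113.7]) by mx.example.org with ESMTP id bbb2; Mon, 12 Feb 2007 06:43:18 -0800
Received: from bank.example ([192.0.2.10]) by mail.sender.example with SMTP id ccc3; Mon, 12 Feb 2007 06:40:00 -0800
Return-Path: <bounce@sender.example>
From: "Support" <support@bank.example>
To: <user@example.org>
Subject: constructed test message

body
"""

TRUSTED_MTAS = {"mx.example.org"}  # assumption: the mail servers we operate

# Optional "from HELO ([ip])" clause, then the mandatory "by host" clause.
HOP = re.compile(r"(?:from\s+(?P<helo>\S+)\s+\(.*?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)\s+)?"
                 r"by\s+(?P<by>\S+)", re.S)

def domain_of(header_value):
    """Lower-cased domain part of the address in a header value ('' if none)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def analyze(raw, trusted=TRUSTED_MTAS):
    msg = message_from_string(raw)
    hops = [m.groupdict() for m in
            (HOP.search(v) for v in msg.get_all("Received", [])) if m]
    # The peer IP is reliable only on the hop where one of our own servers
    # accepted the message from outside. Every Received: line below that hop
    # arrived as message content and can be forged by the sender.
    boundary = next((i for i, h in enumerate(hops)
                     if h["by"] in trusted and h["ip"]), None)
    for i, h in enumerate(hops):
        h["verified"] = boundary is not None and i <= boundary
    env, frm = domain_of(msg["Return-Path"]), domain_of(msg["From"])
    return {"hops": hops,
            "peer_ip": hops[boundary]["ip"] if boundary is not None else None,
            "envelope_domain": env, "from_domain": frm,
            # A mismatch is a signal to weigh, not proof: lists and bulk senders differ too.
            "domain_mismatch": env != frm}

if __name__ == "__main__":
    report = analyze(RAW)
    for hop in report["hops"]:
        print("verified" if hop["verified"] else "UNVERIFIED", hop["by"], hop["ip"])
    print("peer:", report["peer_ip"], "mismatch:", report["domain_mismatch"])
```
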
9 Why Hide Sources of Spam?
• Many email providers blacklist servers and ISPs that generate a lot of spam
– Use info from spamhaus.org, spamcop.net
• Real-time blackhole lists stop 15-25% of spam at SMTP connection time
– Over 90% after message body URI checks
• Spammers’ objective: evade blacklists
– Botnets come in very handy!

10 Thin Pipe / Thick Pipe

This note was uploaded on 02/16/2011 for the course ICT 2 taught by Professor 2 during the Spring '11 term at Kungliga Tekniska högskolan.
