The silent network: denying the spam and malware chatter using free tools
BSDCan, Ottawa, May 18th 2007
Peter N. M. Hansteen
peter@bsdly.net
Copyright © 2006 by Peter N. M. Hansteen
Table of Contents
Malware, virus, spam - definitions
A history of malware
A history of malware, cont'd
History: The Morris Worm
Microsoft vs the internet
Modern malware
Spam
Spam: characteristics
The ugly truth
Code audits
Fighting back
Tools: content scan
The comedy of our errors
Behavioral methods
Behavioral methods: greylisting
Behavioral methods: greylisting (cont'd)
Behavioral methods: greytrapping
Combinations and pitfalls
Where do we fit in?
A working model
The output: logs, tags
Giving spammers a harder time: spamd
Giving spammers a harder time: The rules
Blacklists and whitelists
Giving spammers a harder time (cont'd)
SMTP connections by connection length
Protecting the expensive appliance
Protecting the expensive appliance (cont'd)
spamdb and greytrapping
Active spam sending hosts (traplist)
Useful new features in OpenBSD 4.1
Conclusions
Resources