The silent network: denying the spam and malware chatter using free tools

BSDCan, Ottawa, May 18th 2007

Peter N. M. Hansteen

peter@bsdly.net


Table of Contents
Malware, virus, spam - definitions
A history of malware
A history of malware, cont'd
History: The Morris Worm
Microsoft vs the internet
Modern malware
Spam
Spam: characteristics
The ugly truth
Code audits
Fighting back
Tools: content scan
The comedy of our errors
Behavioral methods
Behavioral methods: greylisting
Behavioral methods: greylisting (cont'd)
Behavioral methods: greytrapping
Combinations and pitfalls
Where do we fit in?
A working model
The output: logs, tags
Giving spammers a harder time: spamd
Giving spammers a harder time: The rules
Blacklists and whitelists
Giving spammers a harder time (cont'd)
SMTP connections by connection length
Protecting the expensive appliance
Protecting the expensive appliance (cont'd)
spamdb and greytrapping
Active spam sending hosts (traplist)
Useful new features in OpenBSD 4.1
Conclusions
Resources