Who’s Got Your Mail?:Characterizing Mail Service Provider Usage

E-mail has long been a critical component of daily communication and the core medium for modern business correspondence. While traditionally e-mail service was provisioned and implemented independently by each Internet-connected organization, increasingly this function has been outsourced to third-party services. As with many pieces of key communications infrastructure, such centralization can bring both economies of scale and shared failure risk. In this paper, we investigate this issue empirically --- providing a large-scale measurement and analysis of modern Internet e-mail service provisioning. We develop a reliable methodology to better map domains to mail service providers. We then use this approach to document the dominant and increasing role played by a handful of mail service providers and hosting companies over the past four years. Finally, we briefly explore the extent to which nationality (and hence legal jurisdiction) plays a role in such mail provisioning decisions

Antispam filters

Práce se zabývá návrhem a realizací antispamového řešení pro operační systém GNU/Linux. V úvodní části je popsána teorie přenosu, příjmu poštovních zpráv a pro- blematika nevyžádané pošty. V rámci práce je realizován poštovní server přenosovým agentem Postfix. Amavis byl využit jako antispamové řešení, který tvoří rozhranní mezi Postfixem a programy na kontrolu obsahu zpráv. Ty jsou tvořeny SpamAssassin a Cla- mAV. Hlavním cílem bylo vytvoření aplikace pro nastavování antispamových filtrů. Vý- sledkem je možnost nastavování a vytváření filtrů spolu se seznamy černých a bílých odesílatelů. Zprávy uložené v karanténě je možné obnovit. Zprávy uložené v karanténě slouží pro tvorbu statistik nevyžádané pošty.The thesis is involves the desing antispam solution for operating system GNU/Linux. At the first is going through theory of transport, receive mail message and problematic of spam. The content of thesis is realize mail server with mail transfer agent Postfix. Amavis was used as antispam solution, which make an interface between Postfix and content checkers. This was created by SpamAssassin and ClavAV. Main goal was created aplication for setting of antispam filters. The result is possibility of setting a creating filters with black and white lists. Messages in quarantine ca

Improving Anycast with Measurements

Since the first Distributed Denial-of-Service (DDoS) attacks were launched, the strength of such attacks has been steadily increasing, from a few megabits per second to well into the terabit/s range. The damage that these attacks cause, mostly in terms of financial cost, has prompted researchers and operators alike to investigate and implement mitigation strategies. Examples of such strategies include local filtering appliances, Border Gateway Protocol (BGP)-based blackholing and outsourced mitigation in the form of cloud-based DDoS protection providers. Some of these strategies are more suited towards high bandwidth DDoS attacks than others. For example, using a local filtering appliance means that all the attack traffic will still pass through the owner's network. This inherently limits the maximum capacity of such a device to the bandwidth that is available. BGP Blackholing does not have such limitations, but can, as a side-effect, cause service disruptions to end-users. A different strategy, that has not attracted much attention in academia, is based on anycast. Anycast is a technique that allows operators to replicate their service across different physical locations, while keeping that service addressable with just a single IP-address. It relies on the BGP to effectively load balance users. In practice, it is combined with other mitigation strategies to allow those to scale up. Operators can use anycast to scale their mitigation capacity horizontally. Because anycast relies on BGP, and therefore in essence on the Internet itself, it can be difficult for network engineers to fine tune this balancing behavior. In this thesis, we show that that is indeed the case through two different case studies. In the first, we focus on an anycast service during normal operations, namely the Google Public DNS, and show that the routing within this service is far from optimal, for example in terms of distance between the client and the server. In the second case study, we observe the root DNS, while it is under attack, and show that even though in aggregate the bandwidth available to this service exceeds the attack we observed, clients still experienced service degradation. This degradation was caused due to the fact that some sites of the anycast service received a much higher share of traffic than others. In order for operators to improve their anycast networks, and optimize it in terms of resilience against DDoS attacks, a method to assess the actual state of such a network is required. Existing methodologies typically rely on external vantage points, such as those provided by RIPE Atlas, and are therefore limited in scale, and inherently biased in terms of distribution. We propose a new measurement methodology, named Verfploeter, to assess the characteristics of anycast networks in terms of client to Point-of-Presence (PoP) mapping, i.e. the anycast catchment. This method does not rely on external vantage points, is free of bias and offers a much higher resolution than any previous method. We validated this methodology by deploying it on a testbed that was locally developed, as well as on the B root DNS. We showed that the increased \textit{resolution} of this methodology improved our ability to assess the impact of changes in the network configuration, when compared to previous methodologies. As final validation we implement Verfploeter on Cloudflare's global-scale anycast Content Delivery Network (CDN), which has almost 200 global Points-of-Presence and an aggregate bandwidth of 30 Tbit/s. Through three real-world use cases, we demonstrate the benefits of our methodology: Firstly, we show that changes that occur when withdrawing routes from certain PoPs can be accurately mapped, and that in certain cases the effect of taking down a combination of PoPs can be calculated from individual measurements. Secondly, we show that Verfploeter largely reinstates the ping to its former glory, showing how it can be used to troubleshoot network connectivity issues in an anycast context. Thirdly, we demonstrate how accurate anycast catchment maps offer operators a new and highly accurate tool to identify and filter spoofed traffic. Where possible, we make datasets collected over the course of the research in this thesis available as open access data. The two best (open) dataset awards that were awarded for these datasets confirm that they are a valued contribution. In summary, we have investigated two large anycast services and have shown that their deployments are not optimal. We developed a novel measurement methodology, that is free of bias and is able to obtain highly accurate anycast catchment mappings. By implementing this methodology and deploying it on a global-scale anycast network we show that our method adds significant value to the fast-growing anycast CDN industry and enables new ways of detecting, filtering and mitigating DDoS attacks

Ein verteiltes Reputationssystem zur Filterung unerwünschter E-Mails

Die vorliegende Arbeit beleuchtet verschiedene Verfahren zur Bekämpfung unerwünschter E-Mails, insbesondere Sender Policy Framework, Sender ID and Domain Keys Identified Mail. Des weiteren wird, basierend auf DKIM und/oder SPF ein verteiltes Reputationsverfahren zur Filterung unerwünschter E-Mails vorgeschlagen

Uma proposta de gerenciamento para a rede catarinense de ciencia e tecnologia

Dissertação (Mestrado) - Universidade Federal de Santa Catarina, Centro TecnologicoA importância do processo de gerenciamento de redes, suas possibilidades de uso e seus benefícios são ressaltados, especialmente quando aplicado em um backbone de âmbito regional. Neste sentido é apresentada uma proposta de gerência para a Rede Catarinense de Ciência e Tecnologia - RCT. Trata-se de uma contribuição para a sua administração e operacionalização (buscando sempre as melhores condições de funcionamento) com o objetivo também de colaborar com a disseminação e dismistificação desta cultura. A RCT, inicialmente projetada com 21 pontos de presença distribuídos em 14 cidades, encontra-se em fase de ampliação; serão 59 pontos beneficiando diretamente 36 cidades. Sua concepção e implementação são descritas com o registro dos principais fatos, de seus pontos de presença, das instituições que a compõem, de sua atual fase de desenvolvimento, etc. O modelo de gerenciamento OSI, com sua arquitetura CMIP é apresentado, assim como a classificação das necessidades de gerenciamento, de acordo com o modelo funcional (falhas, desempenho, configuração, contabilização e segurança). Relaciona-se também um conjunto de RFC's que definem a arquitetura SNMP-Internet, a SMI e sua árvore de registros, os tipos de acesso e aspectos característicos de uma comunidade e, complementarmente, em que consiste um sistema de gerenciamento de redes. São apresentadas algumas ferramentas básicas de gerenciamento ad hoc e relacionadas às MIB's disponíveis, com destaque para a MIB privada Cisco e a netView6000SubAgent. Com o enfoque voltado ao cliente, conforme os atuais conceitos de qualidade total, passou-se à definição do público-alvo, segmentado de acordo com suas necessidades e a forma de atendê-las (responsáveis pela tomada de decisão, grupos de gerência de redes e usuários da Internet). Para o conjunto de usuários da Internet estão disponíveis informações relativas à distribuição de tráfego ao longo do dia nas diferentes linhas de comunicação do backbone, monitoradas com urn aplicativo de domínio público (Routers-stats), O uso de um aplicativo comercial (AIX SystemView SetView 6000 for AIX), em função do maior número de recursos disponíveis, tanto em monitoração como em controle, está voltado a atender às necessidades do grupo, de gerência de redes. Analisa-se a freqüência de polling para a monitoração de tráfego, indicam-se as variáveis das MIB's mais adequadas a receberem acompanhamentos e também os indicadores derivados destas e considerados importantes (taxa de utilização do canal de comunicações, problemas no canal de comunicações, taxas de descarte de pacotes, taxa de erros e utilização da estação de trabalho). Aos responsáveis pela tomada de decisão recomendam-se relatórios específicos, especialmente preparados para a necessidade em questão, procurando evitar relatórios técnicos e rotineiros. Face à dinamicidade da RCT, seja em função de seu crescimento (aumento do número de pontos e/ou tráfego) ou em relação à adoção de novas tecnologias (implantação do ATM entre Ufsc e Udesc, etc.) ou face à evolução das ferramentas de gerenciamento, é fundamental a contínua reavaliação desta propostas, abrindo amplas possibilidades para a continuidade deste trabalho

Diseño de una plataforma de computación distribuida cooperativa, utilizando servicios de una red compañero a compañero

El modelo de arquitectura compañero a compañero (P2P), utilizado en la construcción de sistemas distribuidos, ha tomado un auge importante con la expansión de Internet. Los servicios basados en sistemas P2P permiten que computadoras de usuario final se conecten directamente formando comunidades, cuya finalidad es el compartir recursos de distinta índole. En esta tesis se exponen, a modo de contribución original, un prototipo de middleware denominado GnutWare, que brinda soporte de comunicaciones a aplicaciones de usuario sobre una red que opera bajo el modelo de comunicaciones compañero a compañero; y un diseño de un servicio de cómputo masivo distribuido denominado P2P-Flops, que está soportado sobre la mencionada red, donde un conjunto de computadoras de usuario final donan ciclos de CPU ociosos a determinados proyectos que requieran cómputo intensivo.Facultad de Informátic