PineApp OSG  IPv6 The Battle Against Botnet
Upcoming SlideShare
Loading in...5

PineApp OSG IPv6 The Battle Against Botnet



With global broadband penetration rates increasing, and smart phone technologies becoming more accessible, the burden on ISPs and Telcos to provide reliable, efficient internet services is more ...

With global broadband penetration rates increasing, and smart phone technologies becoming more accessible, the burden on ISPs and Telcos to provide reliable, efficient internet services is more complex and necessary than ever before. With this increased burden, Service Providers are facing serious challenges from malicious and organized networks of computers called botnets. Botnets operate within a network, using a Service Provider’s infrastructure to distribute massive quantities of spam. Botnets are responsible for the distribution of up to 90% of the world’s spam and strike at a Service Provider’s core business assets: IP addresses and bandwidth.

The PineApp OSG is a carrier-grade solution that can be easily deployed to scan and block up to 99% of all unwanted or malicious outbound email traffic. Easy to deploy, the OSG functions as a transparent proxy that informs the Service Provider, in real time and with granular level statistics, about which IP addresses within their networks are being controlled by botnets.



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds


Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

PineApp OSG  IPv6 The Battle Against Botnet PineApp OSG IPv6 The Battle Against Botnet Presentation Transcript

  • IPv6 IPv6 The Battle Against Botnet
  • World Population Vs IP Nodes Worldwide 60 Ip Nodes Mondial Population 50 40 Almost 1000%  grow of IP hosts!  Conservative  estimations 30 20 2008 – More Ip’s nodes than world  population 10 +/‐ 26% grow of the world population 0 2003 2010 2015 2020
  • Migration to IPv6 Incentives. IPv6 Incentives. • Need for more address space (exhaustion of IPv4 Space) ( h ti f IP 4 S ) • Government mandate • Mobile communication and 4G • Population growth in APAC • More appropriate model for emerging services More appropriate model for emerging services
  • Spam Latest World Numbers • The percentage of global spam – November 2011 *Securelist Kaspersky
  • More IP Space Means • • • • More available sources of spamming More available spamming targets More space to mask sources of spam M t k f More overall spam! p
  • Botnet and SPAM mechanism • Botnet deploy on malware and worms. • Botnet are usually activated through IRC, HTTP  ll d h h or P2P protocols for DDoS and SPAM • Botnet are spreading SPAM using SMTP All the mechanisms are application layers!
  • Botnet Vs Host Vs SPAM Date created 1999 2009 (May) 2008 (around) 2008 (around) Date dismantled !a 2010‐Oct (partial) 2009‐Dec 2009 Dec Name 999,999,999 BredoLab Mariposa Estimated no. of bots 100000 30,000,00030,000,000[20] 12,000,000 12 000 000[21] Spam capacity !a 3.6 billion/day 0 ? 0? Aliases Oficla 0? Conficker 10,500,000+[22] 10 billion/day 2010 (around) 20 0 ( d) TDL4 4,500,000[23] 00 000 0 ? 0? 0? Zeus 3,600,000 (US Only)[24] ‐1n/a 2007 (Around) Cutwail 1,500,000[25] 74 billion/day 2008 (Around) 0? Sality Grum 1,000,000[26] 560,000[27] ? 39.9 billion/day DownUp,  DownAndUp,  DownAdUp, Kido TDSS, Alureon SS l Zbot, PRG,  Wsnpoem, Gorhax,  Kneber Pandex, Mutant  (related to: Wigon,  Pushdo) Sector, Kuku Tedroo 0? Mega‐D 509,000[28] 10 billion/day Ozdok 0? Kraken 495,000[29] 9 billion/day Kracken 2007 (March) Srizbi 450,000[30] 60 billion/day Cbeplay, Exchanger
  • Impact of SPAM on IPv4 Hosts and SP IPv4 • Exposition of Hosts to criminal content Exposition of Hosts to criminal content • Exposition of SP to complain from customers • Black listing systems usage prevent from users to  communicate through SMTP • Overhead of administration for SP to delist  networks
  • Traditional IPv4 prevention systems IPv4 Inbound SPAM filtering based on: b d fl b d • IP RBL IP RBL • IP reputation • SMTP analysis • Signatures
  • IPv4 IPv4 Filter Efficiency Statistic base on empiric info from global install base 8.5% 29.5% DNS RBL 62.0% IP Rep App Level A L l
  • Address based filter Add b d filt • With time the most effective filter tool With time the most effective filter tool • RBL and IP reputation list block 90% of SPAM BUT • Not yet clear plan of migration to IPV6 scale ip Not yet clear plan of migration to IPV6 scale ip reputation lists • Not clear model of efficiency of this kind of list on  l d l f ffi i f hi ki d f li IPV6 addressing model • Not yet a clear practice of IP distribution model ‐ Black Listing not yet possible
  • SMTP Model.
  • SMTP Filtering Model End User Anti DHA Valid MX Email Fingerprint Spoofing Heuristic IP Filters Tarpitting Bounce Mail DOES Grey List RBL Incoming mail Anti Zombie Z bi IP REP
  • Impact of IPv6 on SPAM IPv6 The huge address space and growing devices connected, will provide and Th h dd d i d i d ill id d almost unlimited space for Spammer to operate!  IP b d based reputation system won’t be scalable to 2^128 address space. t ti t ’t b l bl t 2^128 dd On IPv4 we reach 4.3B entry database The address space assignation for users (/48 or /64) will permit SPAM mechanism address space assignation for users (/48 or /64) will permit SPAM mechanism  to virtually never use the same address twice. All the well known mechanisms of SPAM will remain effective  The application  All the well known mechanisms of SPAM will remain effective – The application layer in IPV6 is the same than IPV4 Growing of Hosts infected will permit creation of so huge DoS that Data  Growing of Hosts infected will permit creation of so huge DoS that Data inspection based system will overload.
  • What About The Transition Period ? Migration to IPv6 will take time. Meanwhile we  will have several model of dual stack network or  tunneling solutions • Transition period will be optimal for SPAM Transition period will be optimal for SPAM • Most network operators will focus energy on  migration – not on SPAM battle. / g • Dual stack and/or tunneling models will  masquerade the originator of SPAM
  • Mail Services and IPv6 IPv6 • Most of the SMTP services will remain IPv4 for  the foreseeable future • Need for Dual stack or IPv4 dedicated relay • Black listing for a relay will affect a lot of end  l kl f l ll ff l f d users • DNS BL cache won’t be able to scale to the V6  size
  • IPv4 IPv4 Exhaustion Implications • Many provider will have a transition period  based on IPv4 solution • NAT 44 may permit to provider to consider  later the move to IPv6 later the move to IPv6 • Masking number of user with one public IP is  also masking the real source of SPAM • Black list will again affect a lot of users Black list will again affect a lot of users 
  • SPAM Battle for the Next Years • Preventing SPAM on the connection level  , , y will be, more than ever, the best way to  prevent SPAM • Anti spam systems that operate on the Anti‐spam systems that operate on the  application protocol and transport layer will  remain the most effective solutions • Awareness of customers: Anti virus, P2P  Awareness of customers Awareness of customers Anti virus, P2P customers: protection, dedicated anti‐spam software