A simple framework for filtering queued SMTP mail (cyberwar countermeasures)

Bass, T.; Watt, G.

doi:10.1109/milcom.1997.644877

Cited by 7 publications

(7 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Different from other hacker intrusions, e-mail bombs come through normal Internet applications and use fake account or public ISP systems to attack specified users [2,9]. They are only one source but a large amount of mails occupy the computer resources and destroy systems.…”

Section: E-mail Bombsmentioning

confidence: 99%

“…They are only one source but a large amount of mails occupy the computer resources and destroy systems. For example, a "bomber" sent over 24,000 messages to a university computer in one day [5] and the other hacker sent approximately 25,000 messages to a military unit within 8 h [2]. Preventing e-mail bombs are difficult [2,3], because there are many email bomb techniques employed by hackers, such as direct email spam, indirect e-mail spam, rejected e-mail spam, chain relay e-mail spam, mailing list spam [2], chain bombs, error message bombs, covert distribution channels, exploiting mail exploders and list servers, and automated attack tools [3].…”

Section: E-mail Bombsmentioning

confidence: 99%

“…In the researches of e-mail bombs detection, Base et al [2,3] pointed out that to capture and minimize delivery of e-mail bombs by a rules-based filter and then block bombs in routers is the right method to use. Bass et al presented an e-mail bombs filter [3] that used a mathematical process of collecting e-mail statistics on the daily volume.…”

Section: E-mail Bombsmentioning

confidence: 99%

“…In this article, the simple e-mail packet collecting structure and a fuzzy analyzing method that were used to capture e-mail bombs in a university computer center was presented. Following the principle of blocking bombers by Bass et al [2], the method tries to capture the e-mail bombs' real source IP. A fuzzy inference filter model is also designed in this research.…”

mentioning

confidence: 99%

See 3 more Smart Citations

An intelligent method to block e-mail bombs

Chang

2007

Appl Intell

View full text Add to dashboard Cite

It is hard to block e-mail bombs because they are usually sent by normal SMTP (Simple Mail Transfer Protocol) applications with fake mail sender addresses and IP addresses. Fortunately, original network packets contain real IP address information anyway. Collecting and analyzing these packet contents can help an administrator to realize where the e-mail bombs are coming from and block them. This article presents a simple method that uses a bandwidth manager device to collect and analyze packets to get e-mail bombs information as well as to block e-mail bomb source IP addresses in routers. In practical application experiences at the computer center in a university, this method blocked e-mail bombs simply and effectively. Furthermore, a fuzzy inference system was also designed to help identify e-mail bombs. Its fuzzy membership functions could be adapted using the fuzzy neural network learning method. In brief, the proposed method affords an automatic and adaptable alarm to find e-mail bombs.

show abstract

Section: E-mail Bombsmentioning

confidence: 99%

Section: E-mail Bombsmentioning

confidence: 99%

Section: E-mail Bombsmentioning

confidence: 99%

mentioning

confidence: 99%

See 2 more Smart Citations

An intelligent method to block e-mail bombs

Chang

2007

Appl Intell

View full text Add to dashboard Cite

show abstract

“…The ways of attacks includes SMTP Flooding Attack (SMTPFA), spam attacks and the malicious attachment etc. in e-mail [1,2,10,12]. The SMTPFA will increase the loading of the server.…”

Section: Introductionmentioning

confidence: 99%

A New Approach for Detecting SMTPFA Based on Entropy Measurement

Chen

Sun

Tseng

et al. 2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

In this paper, we propose a new approach of detecting a kind of Simple Mail Transfer Protocol Flooding Attack (SMTPFA for short) based on entropy measurement. We will calculate the entropy values from the received packets flow. Further checking its entropy value compared with the values of abnormal entropy, we then use it to detect this server whether is suffered some attacks from hacker. The scheme can easily detect SMTPFA, and monitor the real-time status of SMTP server.

show abstract

E-mail bombs and countermeasures: cyber attacks on availability and brand integrity

Bass

Freyre²,

Gruber³

et al. 1998

IEEE Network

Self Cite

View full text Add to dashboard Cite

The simplicity of SMTP mail can be combined with t he robustnessof the sendmail MTA program and misused in numerous ways to create extraordinary and p o werful e-mail bombs. These e-mail bombs can be launched in many different a ttack scenarios which can easily ood and s h ut d o wn chains of SMTP mail servers. Sendmail-based SMTP mail relays also can be used covertly to distribute m essages and les that could be very damaging t o t he i n tegrity a n d brands of victims. This paper discusses mail-bombing t echniques, automated attack t ools, and countermeasures. Also discussed is an actual Internet based attack t hat w as launched in 1997 on the Langley AFB SMTP e-mail infrastructure. We also present a n a n alysis of the cyber-attack, graphs illustrating t he a ttack-volume, and a s t atistical e-mail bomb early-warning system.

show abstract

A simple framework for filtering queued SMTP mail (cyberwar countermeasures)

Cited by 7 publications

References 0 publications

An intelligent method to block e-mail bombs

An intelligent method to block e-mail bombs

A New Approach for Detecting SMTPFA Based on Entropy Measurement

E-mail bombs and countermeasures: cyber attacks on availability and brand integrity

Contact Info

Product

Resources

About