A Protection Method against Denial of Service Attack Caused by Sender Spoofed Spam Mails
Grant-in-Aid for Scientific Research (C)
|Allocation Type|Single-year Grants|
|Research Institution|OKAYAMA UNIVERSITY|
YAMAI Nariyoshi, OKAYAMA UNIVERSITY, Information Technology Center, Associate Professor (90210319)
NAKAMURA Motonori, Kyoto University, ACCMS, Associate Professor (30268156)
MIYASHITA Takuya, OKAYAMA UNIVERSITY, Information Technology Center, Research Associate (70304300)
OKAYAMA Kiyohiko, OKAYAMA UNIVERSITY, Faculty of Engineering, Research Associate (20252588)
|Project Period (FY)|2003 – 2004, Completed (Fiscal Year 2004)|
|Budget Amount|¥3,600,000 (Direct Cost: ¥3,600,000); Fiscal Year 2004: ¥1,000,000 (Direct Cost: ¥1,000,000); Fiscal Year 2003: ¥2,600,000 (Direct Cost: ¥2,600,000)|
|Keywords|E-mail / spam mail / Denial of Service attack / mail server / DNS / load sharing / name server|
This research project aims to develop a method for protecting victim mail servers against Denial of Service (DoS) attacks caused by the massive volume of error mails that sender-spoofed spam mails generate. We have developed the following functions.
1. Early detection of DoS attacks
We have verified two methods for early detection of DoS attacks: monitoring DNS query frequency and counting the number of error mails received. Using the attack log of an Okayama University mail server from August 2004, we confirmed that both methods are effective for early detection.
2. Load sharing of error mail handling among mail servers
We have developed a method that separates error mails from normal mails depending on whether an MX record cache exists. Using the attack log from August 2004, we confirmed that this method is effective for load sharing. We have also developed a method for prioritizing mail delivery from specified mail servers by returning a different MX record for each DNS query.
3. Speeding up of error mail processing
We have developed a method that speeds up error mail processing during a DoS attack by rejecting all mails with a null sender address, rather than receiving them and then discarding them.
4. Processing of complaint mails
We have developed a method to distinguish complaint mails using a distributed spam database. In this method, normal mails that include the attacking spam mail are processed as complaint mails.
5. Identification of spam sender
We have developed a sender identification system that finds the IP address of the spam sender and, if the sender is on the internal network, pinpoints the sender's location to room-level accuracy. We have also developed an operation method for e-mail systems based on "POP before SMTP" that is applicable even to large-scale organizations that deploy a mail gateway.
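
The sketch below is an added example, not code from the research project. It combines the error mail counting of item 1 with the null-sender rejection of item 3: null-sender mails are counted in a sliding window, and while the count is high they are refused at the `MAIL FROM` stage. The log format, window length, thresholds, reply codes and the name `BounceFloodGuard` are assumptions made for illustration.

```python
import re
from collections import deque

class BounceFloodGuard:
    """Sliding-window counter of null-sender (error) mails with hysteresis."""

    def __init__(self, window_s=60, enter=5, leave=2):
        # Assumed values: enter attack mode at >= enter bounces per window,
        # leave it once the count has fallen to <= leave.
        self.window_s, self.enter, self.leave = window_s, enter, leave
        self.seen = deque()   # arrival times of null-sender mails
        self.attack = False

    def on_mail_from(self, ts, sender):
        """Return the SMTP reply code for one MAIL FROM command at time ts."""
        while self.seen and ts - self.seen[0] >= self.window_s:
            self.seen.popleft()          # drop arrivals outside the window
        if sender == "":
            self.seen.append(ts)         # rejected attempts still count
        n = len(self.seen)
        if not self.attack and n >= self.enter:
            self.attack = True
        elif self.attack and n <= self.leave:
            self.attack = False
        # Reject before DATA so the message body is never received.
        return 550 if (self.attack and sender == "") else 250

LINE = re.compile(r"^(\d+) MAIL FROM:<([^>]*)>")

def replay(lines, guard):
    """Feed log lines to the guard; return one reply code per parsed line."""
    codes = []
    for line in lines:
        m = LINE.match(line)
        if m:
            codes.append(guard.on_mail_from(int(m.group(1)), m.group(2)))
    return codes

# Constructed sample log: "<unix-seconds> MAIL FROM:<envelope sender>"
SAMPLE = [
    "0 MAIL FROM:<alice@example.org>",
    "10 MAIL FROM:<>", "11 MAIL FROM:<>", "12 MAIL FROM:<>",
    "13 MAIL FROM:<>", "14 MAIL FROM:<>",       # fifth bounce in 60 s
    "15 MAIL FROM:<bob@example.net>",           # normal mail still accepted
    "16 MAIL FROM:<>",
    "200 MAIL FROM:<>",                         # window has emptied
]

if __name__ == "__main__":
    print(replay(SAMPLE, BounceFloodGuard()))
```

Because rejected attempts keep feeding the window, the guard stays in attack mode for as long as the flood continues and resumes accepting legitimate bounces once it subsides.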