^ Top

NANOG Meeting Presentation Abstract

Detecting and Quantifying IPv6-based SMTP Abuse
Meeting: NANOG62
Date / Time: 2014-10-06 1:00pm - 1:30pm
This item is webcast
Room: Constellation Ballroom
Presenters: Speakers:

Casey Deccio, Verisign Labs

Casey Deccio is a Senior Research Scientist at Verisign Labs. His interests include protocol analysis and improvement and tool development, with the objective of increasing stability, security, and safety of the Internet. Among his research and development focuses are DNSSEC deployment enhancements, DNS ecosystem tools/monitoring, and the measurement, modeling, and analysis of deployed Internet protocols, including DNS/DNSSEC and IPv6. Previously, Casey was a Principal Research and Development Cyber Security Staff member at Sandia National Laboratories, where he was responsible for network-related research and development, including DNSSEC and IPv6 deployment efforts. At Sandia he developed DNSViz, the widely used Web-based tool for DNS analysis and visualization. Casey earned B.S. and M.S. degrees in Computer Science from Brigham Young University, in 2002 and 2004, respectively, and received a Ph.D. from UC Davis in 2010, also in Computer Science.
Abstract: Abuse of the IPv6 Internet is still largely unexplored and uncertain. Quantifying and characterizing abusive traffic over IPv6 will help to better understand current and future threats associated with its continued deployment. In this work we address IPv6-based abuse of the Simple Mail Transfer Protocol (SMTP) by collecting and analyzing a year’s worth of data from a large enterprise. We elicit abusive activity by instituting a type of SMTP honeypot for the organization’s email domain concurrent with its production deployment. We implement novel techniques for fingerprinting operating systems (OSes) and applications and associating IPv4 and IPv6 addresses from dual-stack clients. We study the presence of IPv6 activity at our honeypot and find some activity distributed among various operating systems and network origins.
Files: pdfDetecting and Quantifying IPv6-based SMTP Abuse(PDF)
youtubeDetecting and Quantifying IPv6-based SMTP Abuse
Sponsors: None.

Back to NANOG62 agenda.

NANOG62 Abstracts

  • Security Track
    Speakers:
    John Kristoff, Team Cymru ; Krassimir Tzvetanov, A10 Networks;
  • Security Track
    Speakers:
    John Kristoff, Team Cymru ; Krassimir Tzvetanov, A10 Networks;
  • DNS Track
    Moderators:
    Paul Ebersman, Comcast; Speakers:
    Glen WileyVerisign; .
    Tim WicinskiSalesforce; .
    Dave LevinUniversity of Maryland; .
  • DNS Track
    Moderators:
    Paul Ebersman, Comcast; Speakers:
    Glen WileyVerisign; .
    Tim WicinskiSalesforce; .
    Dave LevinUniversity of Maryland; .
  • DNS Track
    Moderators:
    Paul Ebersman, Comcast; Speakers:
    Glen WileyVerisign; .
    Tim WicinskiSalesforce; .
    Dave LevinUniversity of Maryland; .
  • DNS Track
    Moderators:
    Paul Ebersman, Comcast; Speakers:
    Glen WileyVerisign; .
    Tim WicinskiSalesforce; .
    Dave LevinUniversity of Maryland; .
  • Research Track
    Moderators:
    Manish KarirMerit Network; .
    Speakers:
    Robert LychevGeorgia Tech; .
    Maria KonteGeorgia Tech; .
    Sean DonovanGeorgia Institute of Technology; .
    Nithin MichaelCornell University; .
    Hyojoon KimGeorgia Tech; .
  • Research Track
    Moderators:
    Manish KarirMerit Network; .
    Speakers:
    Robert LychevGeorgia Tech; .
    Maria KonteGeorgia Tech; .
    Sean DonovanGeorgia Institute of Technology; .
    Nithin MichaelCornell University; .
    Hyojoon KimGeorgia Tech; .
  • Research Track
    Moderators:
    Manish KarirMerit Network; .
    Speakers:
    Robert LychevGeorgia Tech; .
    Maria KonteGeorgia Tech; .
    Sean DonovanGeorgia Institute of Technology; .
    Nithin MichaelCornell University; .
    Hyojoon KimGeorgia Tech; .
  • Research Track
    Moderators:
    Manish KarirMerit Network; .
    Speakers:
    Robert LychevGeorgia Tech; .
    Maria KonteGeorgia Tech; .
    Sean DonovanGeorgia Institute of Technology; .
    Nithin MichaelCornell University; .
    Hyojoon KimGeorgia Tech; .
  • Research Track
    Moderators:
    Manish KarirMerit Network; .
    Speakers:
    Robert LychevGeorgia Tech; .
    Maria KonteGeorgia Tech; .
    Sean DonovanGeorgia Institute of Technology; .
    Nithin MichaelCornell University; .
    Hyojoon KimGeorgia Tech; .
  • Research Track
    Moderators:
    Manish KarirMerit Network; .
    Speakers:
    Robert LychevGeorgia Tech; .
    Maria KonteGeorgia Tech; .
    Sean DonovanGeorgia Institute of Technology; .
    Nithin MichaelCornell University; .
    Hyojoon KimGeorgia Tech; .

 

^ Back to Top