BSDCan2007 - Confirmed Schedule

BSDCan 2007
The Technical BSD Conference

Peter Hansteen
Day 3
Room SITE H0104
Start time 15:00
Duration 01:00
ID 13
Event type Lecture
Track System Administration
Language English

The silent network

Denying the spam and malware chatter using free tools

Though the first Internet worm in 1988 was Unix software, malicious software today is primarily a Windows problem. In the free Unix environments, a number of techniques and tools are available to stop unsolicited email and malware before it reaches the end user. This presentation deals with the principles and practice of keeping the peace on your network through intelligent use of free tools which are available on your favorite BSD.

Preliminary Table of Contents:

Malware, virus, spam: the definitions

A history of malware: a brief historical overview

The Morris Worm: the first Unix worm, what it did and its consequences for Internet security thinking

Microsoft invents the Internet: in the mid-nineties, the writers of edlin discovered networking. We consider their discoveries and what they brought with them

Modern malware: if they crack your system, what do they do?

Spam: back to the other annoyance, and why it ties in with malware

The ugly truth: a few basics you should know about non-trivial software

Fighting back: how OpenBSD and other freenixes go about making life unbearable for malware writers in a few (or at least logical) easy steps

Where do we fit in? Enough theory already; what can a Unix sysadmin *do*?

Spam characteristics: we see patterns, and we note them

Tools, content scanning: make the robots read mail and make decisions; a few pros and cons

More of the mundane, behavioral methods: the miscreants are fun to watch, and we read their (en)trails; we look at some examples of how they've adapted and review some of the tools at our disposal

A working model: finally, a sample configuration, one you can build on any BSD; integrating content filtering in your MTA's delivery chain

Giving spammers a hard time

The final part of the presentation goes into some detail on how to use PF and its companion application spamd, progressing through the proper selection of blacklists, greylisting and greytrapping, with some examples and data on our success rate and the level of noise we are fighting. Protecting expensive proprietary appliance-style tools with free tools can sometimes be enlightening.
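The kind of PF and spamd setup the abstract refers to, as an added example that is not part of the schedule page and not the speaker's own configuration: blacklisted hosts are redirected straight into the spamd tarpit, everyone not yet whitelisted is greylisted, the blacklist is refreshed by spamd-setup from cron, and a greytrap address is registered with spamdb. The pf.conf syntax is the rdr form used by OpenBSD releases of the 2007 era (OpenBSD 4.7 and later express the same redirection as `pass in ... rdr-to 127.0.0.1 port spamd`). The interface name, the blacklist name and URL, and the trap address are placeholders, not real feeds or real addresses.

```conf
# Added example, not from the talk or the OpenBSD project. $ext_if, the
# blacklist name/URL and the trap address are placeholders.

# --- /etc/pf.conf ---
ext_if = "em0"               # placeholder external interface
table <spamd> persist        # blacklisted hosts, filled by spamd-setup
table <spamd-white> persist  # hosts that passed greylisting, kept by spamd/spamlogd

# Known-bad senders go straight to the spamd tarpit.
rdr pass on $ext_if inet proto tcp from <spamd> to $ext_if \
    port smtp -> 127.0.0.1 port spamd
# Everyone not yet whitelisted is greylisted by spamd.
rdr pass on $ext_if inet proto tcp from !<spamd-white> to $ext_if \
    port smtp -> 127.0.0.1 port spamd
# Whitelisted hosts reach the real MTA; log both directions so spamlogd
# (listening on pflog0) can keep their whitelist entries fresh.
pass in log on $ext_if inet proto tcp from <spamd-white> to $ext_if port smtp
pass out log on $ext_if inet proto tcp from $ext_if to any port smtp

# --- /etc/spamd.conf --- placeholder blacklist entry; a real deployment
# keeps the lists shipped in the distributed spamd.conf and adds to them.
all:\
        :examplelist:

examplelist:\
        :black:\
        :msg="Your address %A is listed as a spam source":\
        :method=http:\
        :file=blacklist.example.org/spamd.gz:

# --- /etc/rc.conf.local ---
# -G passtime:greyexp:whiteexp in minutes:hours:hours: a retry is accepted
# after 2 minutes, untried greylist entries expire after 4 hours, and
# whitelist entries survive 36 days (864 hours) without traffic.
spamd_flags="-v -G 2:4:864"
spamlogd_flags=""

# --- /etc/crontab entry --- refresh the blacklist table hourly
0 * * * * /usr/libexec/spamd-setup

# --- one-off shell commands --- register a greytrap and watch it work.
# Any host that tries to deliver to the trap address (never a valid
# mailbox; placeholder here) is trapped and tarpitted until it expires.
#   spamdb -T -a 'wkitp98zpu@example.org'
#   spamdb | grep '^TRAPPED'
```

The order of the two rdr rules matters only in that a host in `<spamd>` is matched by the first rule even if it somehow also sits in `<spamd-white>`; with the default greylisting mode, spamd itself moves a sender from the greylist to `<spamd-white>` once it retries after the pass time, and spamlogd extends that entry every time the logged SMTP traffic shows the host is still delivering legitimately.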