
Reducing the Effect of Distributed Directory Harvest Attack and Load of Mail Server

4 Author(s)

A Directory Harvest Attack (DHA) is a technique used by spammers to determine the valid e-mail addresses associated with an e-mail server so that they can be added to a spam database. Directory harvest attackers send blank mail to the server to collect valid user-ids, which they do by observing the server's replies. Traditionally, attackers used a single IP address to send mail. Recently, attackers have used different IP addresses, sending only 1-2 mails from each one. Therefore, blocking IP addresses alone is not sufficient to reduce the effect of DHA. Directory harvest attackers not only collect valid user-ids but also increase the load on the mail server. In this paper, we propose a framework that reduces the distributed attack and the load on the mail server. In this framework, the user-id is blocked along with the IP address, so the attacker cannot send mail using the same user-id from different IP addresses. The framework consists of distributed servers that maintain two databases for blocking the source: one for IP addresses and another for user-ids. All the distributed servers share their database information with each other. Another module in the model, the front-end filter, acts as the main gateway in the domain. Mail servers decide which sources are blacklisted and pass this information to the front-end filter. The filter checks the incoming source address against its blacklist information. If the address is in the blacklist, it sends all mail coming from the attacker to the reply generator. The reply generator is another module in the framework that gives only an 'invalid recipient address' reply to the source. Therefore, the front-end filter and the distributed method reduce DHA and the load on the server.
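The data flow described in the abstract, sketched as an added example (not code from the paper): mail servers count invalid-recipient attempts per IP and per user-id, share blacklist entries with peers and the front-end filter, and the filter hands blacklisted sources to the reply generator. Assumptions: the user-id is taken to be the sender address, the threshold of 3 is invented for illustration, and all class and function names are hypothetical.

```python
from collections import Counter

INVALID = "550 invalid recipient address"  # the reply generator's only answer
THRESHOLD = 3  # assumed: misses allowed before a source is blacklisted

class FrontEndFilter:
    """Domain gateway: holds the blacklists the mail servers pass to it."""
    def __init__(self):
        self.bad_ips, self.bad_users = set(), set()

    def deliver(self, server, ip, user_id, rcpt):
        if ip in self.bad_ips or user_id in self.bad_users:
            return INVALID               # reply generator; mail server is not touched
        return server.rcpt(ip, user_id, rcpt)

class MailServer:
    def __init__(self, valid, front_end):
        self.valid, self.front_end = set(valid), front_end
        self.peers = []                  # other distributed servers
        self.bad_ips, self.bad_users = set(), set()
        self.ip_miss, self.user_miss = Counter(), Counter()
        self.handled = 0                 # recipient lookups performed (load)

    def rcpt(self, ip, user_id, rcpt):
        self.handled += 1
        if rcpt in self.valid:
            return "250 OK"
        self.ip_miss[ip] += 1
        self.user_miss[user_id] += 1
        if self.ip_miss[ip] >= THRESHOLD:
            self.share("bad_ips", ip)
        if self.user_miss[user_id] >= THRESHOLD:
            self.share("bad_users", user_id)
        return INVALID

    def share(self, db, value):
        # Update own database, every peer's database, and the front-end filter.
        for holder in (self, *self.peers, self.front_end):
            getattr(holder, db).add(value)

def simulate():
    """Constructed distributed DHA: one sender user-id, a new IP per probe."""
    fe = FrontEndFilter()
    a, b = MailServer({"alice"}, fe), MailServer({"alice"}, fe)
    a.peers, b.peers = [b], [a]
    guesses = ["aaron", "abby", "adam", "al", "alice", "amy"]
    replies = [fe.deliver(a, f"203.0.113.{i}", "probe@spam.example", g)
               for i, g in enumerate(guesses, 1)]
    return replies, a.handled, fe.bad_ips, b.bad_users
```

In the constructed run no IP ever reaches the threshold, so per-IP blocking alone never triggers; the user-id database is what stops the probes, after which even the valid address draws the same 'invalid recipient address' reply and the mail server performs no further lookups.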

Published in:

Industrial and Information Systems, 2008. ICIIS 2008. IEEE Region 10 and the Third international Conference on

Date of Conference:

8-10 Dec. 2008