2014 Technology Exchange

Use Internet2 SiteID

Already have an Internet2 SiteID?
Sign in here.

Internet2 SiteID

Detecting and Quantifying IPv6-based SMTP Abuse

Time 10/30/14 09:15AM-10:00AM

Room White River Ballroom D

Session Abstract

Abuse of the IPv6 Internet is still largely unexplored and uncertain. Quantifying and characterizing abusive traffic over IPv6 will help to better understand current and future threats associated with its continued deployment. In this work we address IPv6-based abuse of the Simple Mail Transfer Protocol (SMTP) by collecting and analyzing a year’s worth of data from a large enterprise. We elicit abusive activity by instituting a type of SMTP honeypot for the organization’s email domain, concurrent with its production deployment. We implement novel techniques for fingerprinting operating systems (OSes) and applications and associating IPv4 and IPv6 addresses from dual-stack clients. We study the presence of IPv6 activity at our honeypot and find activity distributed among various operating systems and network origins, yet dwarfed by the abusive IPv4 activity at the same honeypot.


Speaker Casey Deccio VeriSign, Inc.

Presentation Media

Primary track Advanced Networking/Joint Techs

Secondary tracks Security

platinum Sponsors

gold Sponsors

silver Sponsors

bronze Sponsors

supporter Sponsors