MINlMIZATION OF DHA (DIRECTORY HARVEST ATTACK) AND LOAD OF MAIL SERVER

Abstract

Directory Harvest Attackers (DHA) attack the mail server to get the valid email addresses and sell these addresses to the spammer(s). The attacker's not only collect the valid user addresses but also slow down the server. The attackers send many blank mails to the mail server to get the valid user address which exists in that domain. Spammers buy the user email addresses and send the SPAM to these addresses. There are many techniques to detect and filter the SPAM, but few techniques are there to reduce DHA. Some protection techniques of mail server are there against centralized DHA, but they fail to protect distributed DHA. In this work "Minimization of DHA (Directory Harvest Attack) and Load of Mail Server", a distributed framework has been proposed, which minimizes the effect of DHA and distributes the load of SMTP server. Blocking criteria to protect distributed attack is totally novel in the proposed framework. The framework consists of following module 1) front-end-filter, which comprises two databases 2) Reply generator and 3) Distributed servers, which also comprise two databases. The front-end-filter checks whether the source is in black list or not, if the source is not in the blacklist then sends ping to every SMTP server. It then forwards the mail to the SMTP server that responds first, thereby distributing the load. Each SMTP server has its own database. All the distributed SMTP servers store the email addresses and IP addresses to their own databases and in that corresponding entry store the number of mails coming from respective source. All the updates are shared between the distributed SMTP servers. If the count of number of mails is beyond the threshold, then corresponding source is blacklisted and this information is sent back to the front-end-filter. Front-end-filter checks the source address. If it is already black listed then send a packet to the reply generator along with source address. The reply generator generates `invalid recipient' reply and send it back to the source. Use of Front-end filter minimizes the effect of DHA and load on SMTP server. The effectiveness of the approach is validated with simulation in NS-2 on a Linux platform.