Empirical analysis of Denial of Service attack against SMTP servers

Abstract

In this paper we show that the performance of the generic SMTP servers are more limited than we previously thought. We implemented a environment to test SMTP server performance focusing on Denial of Service (DoS) attacks. Our measurements show that a standard SMTP server can be easily overloaded by sending simple emailmessages and the overload can occur without consuming all network bandwidth. Our measurements also show that the usage Of conte nt filte ring applications can harm the performance so much that the server become even more vulnerable to DoS attacks. In the paper we describe the problems of performance measurements in SMTP environment and we also give a detailed background about the performed measurements. e.g we proposed to use traffic level measurements in a DoS front-end ([1]). In the current paper our goal is to help the understanding why SMTP servers are so much affected with DoS related problems, and why such countermeasures are important. We also do not claim that measuring throughput of a server is something really novel, but in fact, we found no such usable information (e.g. scientific paper) to help or base our work in the field of DoS protection of SMTP servers. © 2007 IEEE.