Honeypots mailing list archives
Re: honeypots as spam traps
From: Jack Cleaver <jackc () jackpot uk net>
Date: Tue, 09 Mar 2004 09:43:12 +0000
Andy Streule wrote:
> It's a good way of seeing who the most is directed at, which is obviously Yahoo and Hotmail, instead of one almighty huge logfile. I was vaguely thinking of some way of having stats/logs on a website or automatically emailing them out to ISPs. I haven't really decided yet.
Consider taking a look at my spam relay honeypot: http://www.jackpot.uk.net

It maintains a database of captured relay attempts, which is used to dynamically generate web-pages of spams and spam-sources (it contains its own mini-web-server). I used to LART spam-source hosts and upstreams with a link to the web-pages.

I'm not particularly suggesting that you should download it and use it - I've stopped maintaining it. But you might find the documentation pages interesting.
> Stuff I discovered so far: the spam starts about 12-24hrs after going online. Whoever is scanning for open proxies that leads to this spam isn't the sort to add proxies to open proxy lists. I tried adding myself to open proxy lists yesterday and had an altogether different experience.
I haven't run a relay honeypot for over a year, since I now run a proper MX, and I don't want it blacklisted. When I got DHCP'd, it was fairly random whether a spammer found the relay within hours or only after a couple of weeks. Submitting the relay to an open-relay blocklist usually had a dramatic effect within 24 hours. Chances are the world has changed a lot since then.

--
Jack.