Honeypots mailing list archives
Re: Anyone with experience w/VirtualMDA?
From: Valdis.Kletnieks () vt edu
Date: Wed, 30 Mar 2005 15:16:01 -0500
On Wed, 30 Mar 2005 13:17:08 EST, JP Garcia said:
We've been using it for some time now, and have not sent 1 piece of email. To verify, I removed the computer with VirtualMDA, and put a machine with an SMTP engine on it and sent a message to another server. My setup pulled the whole message transmission, no problem. All VirtualMDA seems to do is initiate a telnet session and immediately quit. I figure that VirtualMDA does this periodically to log and allow people's dynamic IPs to connect to their servers.
Maybe VirtualMDA is able to detect it's in your honeypot environment and refusing to do its song-and-dance while you're actively watching it? Somehow, this reminds me of Michigan J. Frog: http://en.wikipedia.org/wiki/One_Froggy_Evening
Attachment:
_bin
Description:
Current thread:
- Anyone with experience w/VirtualMDA? JP Garcia (Mar 29)
- Re: Anyone with experience w/VirtualMDA? Christian Kreibich (Mar 29)
- <Possible follow-ups>
- RE: Anyone with experience w/VirtualMDA? JP Garcia (Mar 30)
- Re: Anyone with experience w/VirtualMDA? Valdis . Kletnieks (Mar 30)