At 03:08 PM 4/3/2003 -0800, you wrote:
On Thursday, April 3, 2003, at 02:37 PM, Hallam-Baker, Phillip wrote:
Clearly everything that is received by a honey pot is almost
certain to be indiscriminate. There is a small chance that
a message could get in one honeypot through accidental
mistyping of a name. It is almost certain that any message that
shows up in multiple honeypots is spam.

Trap and honeypot addresses also get leaked over time, and get used as
attack vectors. If you know, for instance, that a domain will blackhole
any site that sends to trapperjohn@<domain>, then you simply start forging
email from domains or sites you want in trouble to that address. You can
raise all sorts of havoc depending on how trusting the trap is that it's
not being used to attack things.

I think you are using a second definition of honeypot. I run a relay spam
honeypot - its address shows only as the SMTP server the spammer
chooses. If the spammer sends something referencing the honeypot by its
IP name the email is MX'd elsewhere. Still pesky at that elsewhere but
handled like any mis-addressed email would be. It isn't an email address
used as a spamtrap, it's a fake open relay.

Others run open proxy honeypots. Those can be neat - Gypsy Proxy (which is
giving me problems right now) runs its own SMTP server and deflects any
traffic for port 25 that comes in on a proxy port to the local SMTP server
no matter what IP the SMTP is supposed to go to. The local SMTP server
pretends it's the IP the spammer wanted to contact. Not only is it
effective, it's very funny (when you think about it). I wish I could get it
to work...
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
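
The fake open relay described in the message above, reduced to its SMTP dialogue, as an added example that is not from the thread or from any honeypot software named in it: every recipient is accepted and the message is recorded against the connecting IP, but nothing is forwarded. `Capture`, `run_session`, the default banner name and the sample session are constructed for illustration; passing the destination the client asked for as `banner_host` gives the proxy-honeypot behaviour the message describes.

```python
from dataclasses import dataclass, field

@dataclass
class Capture:
    peer_ip: str          # taken from the socket, not from anything the client claims
    mail_from: str = ""   # envelope sender: client-supplied, so it can be forged
    rcpt_to: list = field(default_factory=list)
    data: list = field(default_factory=list)

def run_session(peer_ip, client_lines, banner_host="relay.example.net"):
    """Run one SMTP dialogue through the sink; return (replies, captures)."""
    # banner_host is the identity shown to the client (hypothetical default).
    replies = [f"220 {banner_host} ESMTP"]
    captures, cur, in_data = [], Capture(peer_ip), False
    for line in client_lines:
        if in_data:
            if line == ".":                       # end of message body
                captures.append(cur)              # record it; nothing is forwarded
                cur, in_data = Capture(peer_ip), False
                replies.append("250 OK queued")   # claim the relay succeeded
            else:                                 # undo SMTP dot-stuffing
                cur.data.append(line[1:] if line.startswith(".") else line)
            continue
        cmd = line.strip()
        verb = cmd.upper()
        if verb.startswith(("HELO", "EHLO")):
            replies.append(f"250 {banner_host}")
        elif verb.startswith("MAIL FROM:"):
            cur = Capture(peer_ip, mail_from=cmd[10:].strip())
            replies.append("250 OK")
        elif verb.startswith("RCPT TO:") and cur.mail_from:
            cur.rcpt_to.append(cmd[8:].strip())   # any destination is accepted
            replies.append("250 OK")
        elif verb == "DATA" and cur.rcpt_to:
            in_data = True
            replies.append("354 End data with <CR><LF>.<CR><LF>")
        elif verb == "QUIT":
            replies.append("221 Bye")
            break
        else:                                     # unknown or out-of-order command
            replies.append("503 Bad sequence of commands")
    return replies, captures

# Constructed session; names and addresses use reserved documentation ranges.
SAMPLE_SESSION = ["HELO mail.example.org", "MAIL FROM:<forged@example.org>",
                  "RCPT TO:<a@example.com>", "RCPT TO:<b@example.com>", "DATA",
                  "Subject: constructed test", "", "..dot-stuffed line", ".", "QUIT"]
```

Calling `run_session("192.0.2.10", SAMPLE_SESSION)` returns the server replies and one `Capture` whose `peer_ip` is the connecting address and whose `mail_from` is only what the client typed.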