At 12:48 PM 4/9/2003 +0100, Matt Sergeant wrote:
On Wednesday, Apr 9, 2003, at 12:25 Europe/London, Brad Spencer wrote:
At 12:17 PM 4/9/2003 +0100, Matt Sergeant wrote:
This is a bogus assumption. It's much easier to test an open proxy by
testing it can connect somewhere you own, not check that you can
relay mail through it. I have no idea why a spammer would try the
latter since it's much *much* slower. Or you'd even test it can
access a known web site, like google.
I logged the tests. How is that bogus? The idiot did exactly what I
said, using my honeypot.
<http://groups.google.com/
groups?selm=3D7E48C6.25D6ACF7%40mail.tds.net&output=gplain>, for
example.
It's bogus because it means you cannot create an open proxy honeypot.
You can only create an open relay honeypot. The assumption that
spammers probing for open relays by trying to relay a test email
through them is bogus because there's no way to ensure that the spammer
No way? I think the purpose of ASRG is to find ways to do things, is it
not? I'd guess that right now spammer usage of open proxies is done so
simply and stupidly that if all proxy use were directed to the same IP,
controlled by the operator of the open proxy, most spammers wouldn't notice
as long as the results looked good to them. I could be wrong in my guess -
the problem is that guessing is needed because there are few
facts. Neither you nor I know.
(or hacker) doesn't use your open proxy honeypot for other means.
Matt.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg