At 01:02 PM 4/9/2003 +0100, Matt Sergeant wrote:
> That still doesn't explain how you can build an open proxy honeypot. This
> is still about an open relay honeypot. Please explain in terms of *just*
> an open proxy honeypot.

It's a proxy server that doesn't do as it's told. All connection attempts
through it to port 25 anywhere are diverted to an SMTP honeypot. I suppose
the SMTP honeypot code could be internal to the open proxy honeypot -
that's a detail.

The spammer connects to port 4080 of the honeypot, says connect to port 25
of some server. The honeypot changes that to be a connection to a
honeypot's port 25 and lets it through. Everything works but the spammer
never gets beyond the honeypot space. If the spammer tries something else
either it is allowed or it isn't. If allowing the other connection is
unsafe then don't do it. If the connection attempt is to a proxy port
elsewhere intercept it, handle it locally. Make what the spammer sees look
like he is succeeding in what he is trying to do but make it not
succeed. In all probability it's an automated tool that makes no checks on
the reasonableness of the results. Why would it? The spammers for years
have been free to abuse.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
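
The diversion described in the message above, sketched as an added example (not code from the original post or from any list participant). It assumes the proxy speaks HTTP CONNECT; the SMTP honeypot address, the set of proxy ports, the loopback bind address and the refuse-by-default policy are all assumptions made for illustration.

```python
import asyncio

SMTP_HONEYPOT = ("127.0.0.1", 2525)     # assumed: local SMTP honeypot listener
PROXY_PORTS = {1080, 3128, 4080, 8080}  # assumed: ports treated as "a proxy elsewhere"

def route(request_line):
    """Decide what really happens to 'CONNECT host:port HTTP/1.x'."""
    parts = request_line.split()
    host, _, port = parts[1].rpartition(":") if len(parts) == 3 else ("", "", "")
    if parts[:1] != ["CONNECT"] or not host or not port.isdecimal():
        return ("refuse", None)
    if int(port) == 25:
        return ("divert", SMTP_HONEYPOT)   # requested host is logged, never contacted
    if int(port) in PROXY_PORTS:
        return ("local_proxy", None)       # chained proxy: play that proxy ourselves
    return ("refuse", None)                # assumed policy: anything else is unsafe

async def pipe(reader, writer):
    try:
        while data := await reader.read(4096):
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()

async def handle(reader, writer):
    line = (await reader.readline()).decode("latin-1").strip()
    while (await reader.readline()).strip():   # discard the remaining headers
        pass
    action, target = route(line)
    print("proxy-honeypot:", writer.get_extra_info("peername"), repr(line), action)
    if action == "refuse":
        writer.write(b"HTTP/1.0 403 Forbidden\r\n\r\n")
        return writer.close()
    writer.write(b"HTTP/1.0 200 Connection established\r\n\r\n")  # client sees success
    await writer.drain()
    if action == "local_proxy":
        return await handle(reader, writer)    # next request is also answered here
    up_reader, up_writer = await asyncio.open_connection(*target)
    await asyncio.gather(pipe(reader, up_writer), pipe(up_reader, writer))

async def main(port=4080):
    async with await asyncio.start_server(handle, "127.0.0.1", port) as server:
        await server.serve_forever()

if __name__ == "__main__":
    asyncio.run(main())
```

The logged request line records the server the client asked for, while the only outbound connection the process ever opens is to the local SMTP honeypot.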