ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Asrg] Re: 2.a. Analysis - Honeypot!

2003-09-22 10:20:37
from [Liam Meany] [Permanent Link] 
Hello Jose,

I also get mostly hoax upgrades and viruses. It's very interesting that you
got your first spam within four hours where it took me about two months!

Any data would be appreciated.

regards,

Liam


----- Original Message -----
From: "Jose Marcio Martins da Cruz" 
<Jose-Marcio(_dot_)Martins(_at_)ensmp(_dot_)fr>
To: "Yakov Shafranovich" <research(_at_)solidmatrix(_dot_)com>
Cc: "Liam Meany" <meanyl(_at_)eeng(_dot_)dcu(_dot_)ie>; 
<terry(_at_)pantos(_dot_)org>; <asrg(_at_)ietf(_dot_)org>
Sent: Monday, September 22, 2003 9:40 AM
Subject: Re: [Asrg] Re: 2.a. Analysis - Honeypot!





Hello,

Yakov Shafranovich wrote:


Terry Sullivan is involved in the analysis area and can provide some
statistical input on this.


I'm not on that group, but I have some (imho) interesting data.



Liam Meany wrote:


Hello Yakov,

Many thanks for the detailed reply. Point taken on the "subject"

guidelines.

Apologies to all.

A bit on my background
I'm currently working on a dissertation regarding spam - where it

comes

from. To this end I've seeded 398 email addresses in various places on

the

web including web pages, mailing lists and newsgroups. The honeypot is

in

operation for about 3 months now and so far I have only received about

300

actual spam messages.


On april (five months ago), I created a honeypot on our webserver : a
false e-mail address inserted in a comment at the main page of our
webserver.

Less than four hours later, we begun to receive spam on the honeypot.

Now, there are 2067 messages inside. I've just looked to it and I noted
that there are two kind of messages in : spams and virus. I've not
really counted, but it seems to me that 1/4 or something like that are
virus. Amusing ! What does this means ?

Also, if I compare, for some time period, which gateways are sending
spam to and and which gateways are sending virus to us, the intersection
is allways not empty, but has many common entries (sometimes more than
half one set)...

Regards,

Jose-Marcio


--
 ---------------------------------------------------------------
 Jose Marcio MARTINS DA CRUZ           Tel. :(33) 01.40.51.93.41
 Ecole des Mines de Paris              http://j-chkmail.ensmp.fr
 60, bd Saint Michel                http://www.ensmp.fr/~martins
 75272 - PARIS CEDEX 06      
mailto:Jose-Marcio(_dot_)Martins(_at_)ensmp(_dot_)fr



_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Asrg] 2.a. Analysis - Honeypot!, Liam Meany
Next by Date:  Re: [Asrg] 7. Best Current Practices - End-users, Yakov Shafranovich
Previous by Thread:  Re: [Asrg] Re: 2.a. Analysis - Honeypot!, Kee Hinckley
Next by Thread:  [Asrg] Re: Details, nazgul
Indexes:  [Date] [Thread] [Top] [All Lists]