DCC and honeypot

Stef mitiste@iit.edu
Wed Mar 3 03:11:38 UTC 2004


On Mar 2, 2004, at 3:09 PM, Vernon Schryver wrote:

>> From: Stef
>
>> I have a honeypot setup with Postfix, a rule to "hold" all emails being
>> attempted to relay through it, and a couple of user accounts (local)
>> having been used as honeytokens, by putting them on a web site,
>
>> ...
>> I can run the hold queue through the DCC, for reporting, before getting
>> rid of those messages?  ...
>
> For what purpose?  The odds are on the order of 1,000,000 to 1 that
> your honeypots see any given spam first, unless it is sufficiently
> customized to be unique as far as the DCC checksums can tell.

I am already "wasting" the resources, which had another design purpose 
to begin with (i.e. spam analysis based on country of origin, after 
having registered domains and having "planted" honeytokens all over the 
world). While black-holing all emails (not many - just started - 
probably a couple thousand a day - but still more than nothing, for a 
site that does not exist per se ;)), I thought of putting those to some 
use.

> <snip>
> Vernon Schryver    vjs@rhyolite.com

Thx,
Stef



