CRIME Recommended Honeypot Tools?

From: Clint Kaiser (clint.kaiser@private)
Date: Mon Apr 21 2003 - 14:52:40 PDT

  • Next message: Crispin Cowan: "Re: CRIME Recommended Honeypot Tools?"

    Hi folks,
    
    Does anyone have experience with the open honeypot project?  I'm looking
    for a recommendation on honeypot tools. 
    
    Clint Kaiser
    Director of Information Security
    First Technology Credit Union
    
    
    -----Original Message-----
    From: Crispin Cowan [mailto:crispin@private] 
    Sent: Thursday, April 10, 2003 6:41 PM
    To: Steve Coffman
    Cc: crime@private
    Subject: Re: CRIME dnj cum get some fmmwmm
    
    
    Steve Coffman wrote:
    
    > It really makes one wonder. Do they know what kind of list this is?
    
    Of course not. The essence of spam is shotgun marketing, where you blow 
    out as much crap as you can in the hopes of hitting a customer, with no 
    regard what so ever for who ever else you might hit. A recent study 
    found that 90% or more of spammed e-mail addresses were harvested by 
    robots that collect e-mail addresses found on web pages. *Note:* that 
    includes posts to this list, which are publicly archived.
    
    > On the other hand, can anyone take any actual action against them?
    
    A little 
    <http://directory.google.com/Top/Computers/Internet/Abuse/Spam/?tc=1>. 
    Personally, I use spamcop <http://spamcop.net/>. In practice, it likely 
    does very little damage to spammers, but it does hurt them a bit, and 
    tools like that are the only leverage we have that pushes back against 
    the spammers at all.
    
    I also have recently begun using Mozilla 1.3 
    <http://www.mozilla.org/releases/#1.3> (the Immunix 
    <http://nxnw.org/distro/nxnw.org/RPMS/> version) as my mail client, 
    which includes Bayesian spam filtering 
    <http://www.mozilla.org/mailnews/spam.html>. This works quite well, but 
    unlike things like Spamcop, client-side filtering does not hurt the 
    spammers *at all*, and just invites the spammers to to send even *more* 
    spam, with even more variant spelling and formatting to try and evade 
    filtering.
    
    Crispin
    
    -- 
    Crispin Cowan, Ph.D.                      http://wirex.com/~crispin/
    Chief Scientist, WireX                    http://wirex.com
    HP/Trend Micro Immunix Secured Solutions
    http://h18000.www1.hp.com/products/servers/solutions/iis/
    			    Just say ".Nyet"
    



    This archive was generated by hypermail 2b30 : Mon Apr 21 2003 - 15:39:50 PDT