|
Honeypots
mailing list archives
RE: Honeypot/net IDS System
From: "Aditya, ALD [Aditya Lalit Deshmukh]" <aditya.deshmukh () online gateway technolabs net>
Date: Tue, 24 Feb 2004 12:56:44 +0530
I'm puzzled by everyone's interest in "fake honeypot" systems. I've run a
couple of them for several years and there is almost NO traffic even
though I have a bunch of email addy's on web pages for spamscrapers to
find.
is it possible that everone has finally got of the bumps and started securing their computer systems ? and they are
deploying the honeypots as a part of the "proactive security policy" ;)
Running a tarpit as the front end of our mail system catches bunches of
spammers. Why wouldn't you do that instead? It is much more effective and
eliminates the spam from our incoming MTA as well as killing the net
traffic associated with the spam. Since spam outnumbers real messages by
more than 10 to 1 (at least here), this is beneficial.
running a tar pit can be achieved by using a combination of postfix + spam assassain + avirmail
cuts the spam by 99% and is very effective for cutting down all the spam traffic
the postfix server can issue a error 550 in the middle of the DATA statement if needs be if the incomming connection is
determined to be spam.
it also works on dns resoultions, the to & from headers and other cretieria
- this is very easy to setup and maintain- i use it in my production network and it net accessiable without any thing
in the front.
works like a charm and is rock steady, ofcourse the server running is hardened openbsd.
-aditya
 By Date 
By Thread
Current thread:
| 
Intro
