|
Honeypots
mailing list archives
Re: collecting spyware with a honeypot
From: "Jamie Riden" <jamesr () europe com>
Date: Tue, 10 Oct 2006 10:40:48 +1300
On 09/10/06, Marc Samendinger <marc.samendinger () sp-online de> wrote:
They have/had the same problem you are raising, gaining a list of
urls to crawl. One of their idea was to set up a wiki with urls where
malware was found. But I have no idea how far they have come with
setting up a wiki like this.
There should be plenty of these in spam.
Someone suggested setting up a secondary MX - spammers tend to prefer
secondaries as they often have no or limited filtering.
You could also set up a spam honeypot (
http://en.wikipedia.org/wiki/Honeypot_%28computing%29#Spam_honeypots )
like Jackpot and use the results from there.
I seem to remember Messenger spam containing lots of dodgy links, look
for UDP packets going to ports 1025-1030 or so.
cheers,
Jamie
--
Jamie Riden, CISSP / jamesr () europe com / jamie.riden () gmail com
NZ Honeynet project - http://www.nz-honeynet.org/
 By Date 
By Thread
Current thread:
| 
Intro
