Honeypots mailing list archives
RE: Mail Honeypot Thesis
From: Jesper Jurcenoks <jesper.jurcenoks () netvigilance com>
Date: Wed, 22 Apr 2009 14:15:14 -0700
Hi dotcompex. Make sure you don't actually relay the emails! Only emulate an open relay, and then accept the emails for relay, without actually relaying them. If you relay then you become part of the problem, and not part of the solution. There should be no need to use TCPdump to capture the email traffic originator, any normal STMP program should put the originating IP-address in the logfile. You should add a spam filter based on originating IPS to your solution so that you don't accept emails from known spammers, this way you will focus on discovering the unknown Originating IPs. If you don't then you will just be using your bandwidth on known spammers without the benefit you are seeking. Honestly I don't see the research value in you discovering a few more originating IPs using known detection methods. Most of these IPs will only be spamming for a few days any way. You could change the focus of your report to have several Open relays on different servers and try to determine if spammers prefer one kind of mail server over another. You could also try and measure how many spammer are using SMTP over TLS(SSL) compared to unencrypted SMTP This would make your thesis much more interesting to read. If you are done with the experiment part, then this advise comes a bit late but I hope it helps anyway. Jesper Jurcenoks -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of dotcompex Sent: Wednesday, April 22, 2009 6:55 AM To: honeypots () securityfocus com Subject: Mail Honeypot Thesis I'm doing mail honeypot project for my thesis. Having a little bit problem in writing good report. I hope u all can comment it so I can edit before submit it. For the start, I attach my abstract. Electronic mail or in short can be called email is an important communication method since internet were propagated in the early 1980s. People have change their way of communication since the used of email arising. However the efficacy of email is being endangered by spam problems when the Internet was opened up to the public. As defined by Spamhaus Project, spam applied to Unsolicited Bulk Email. Unsolicited means that the recipient has not approved for the message to be sent. Bulk means that the message is sent in large quantities and indistinguishable content. Mail servers that run Simple Mail Transfer Protocol (SMTP) service which are open relay are exposed to be abused by spam. An open relay mail server will relay any messages through it. This project will help to determine the spam source of origin and their contents. Methodology used in this project is experimental approach. This project will be run on Qmail mail server which is an open relay and tcpdump for data capturing. The open relay mail server will be act as mail honeypot to attract spammers. Hopefully this project can benefit others by contributing spam source of origin to be inserted in spam block list. -- View this message in context: http://www.nabble.com/Mail-Honeypot-Thesis-tp23175462p23175462.html Sent from the Honeypots mailing list archive at Nabble.com.
Current thread:
- Mail Honeypot Thesis dotcompex (Apr 22)
- RE: Mail Honeypot Thesis Jesper Jurcenoks (Apr 22)
- RE: Mail Honeypot Thesis Ian Bradshaw (Apr 22)