RE: Honeypot/net IDS System

["Aditya, ALD [Aditya Lalit Deshmukh]" <aditya.deshmukh () online gateway technolabs net>]

> I'm puzzled by everyone's interest in "fake honeypot" systems. I've run a
> couple of them for several years and there is almost NO traffic even
> though I have a bunch of email addy's on web pages for spamscrapers to
> find.

is it possible that everone has finally got of the bumps and started securing their computer systems ? and they are 
deploying the honeypots as a part of the "proactive security policy" ;)



> Running a tarpit as the front end of our mail system catches bunches of
> spammers. Why wouldn't you do that instead? It is much more effective and
> eliminates the spam from our incoming MTA as well as killing the net
> traffic associated with the spam. Since spam outnumbers real messages by
> more than 10 to 1 (at least here), this is beneficial.


running a tar pit can be achieved by using a combination of postfix + spam assassain + avirmail 
cuts the spam by 99% and is very effective for cutting down all the spam traffic 

the postfix server can issue a error 550 in the middle of the DATA statement if needs be if the incomming connection is 
determined to be spam.
it also works on dns resoultions, the to & from headers and other cretieria 

- this is very easy to setup and maintain- i use it in my production network and it net accessiable without any thing 
in the front.

works like a charm and is rock steady, ofcourse the server running is hardened openbsd.

-aditya