Honeypots mailing list archives
RE: Anyone with experience w/VirtualMDA?
From: "JP Garcia" <jgarcia () networkadvocates com>
Date: Wed, 30 Mar 2005 13:17:08 -0500
Believe it or not, I think I've isolated how they would "pay" someone, now, whether they actually pay someone is left for speculation. It seems that the client initiates an SMTP connection to a certain site and closes it. Immediately after that, they initiate an HTTP connection to what I believe is their "time log" server, to log the .000001 seconds it took to send an email. Here's the funny thing. We've been using it for some time now, and have not sent 1 piece of email. To verify, I removed the computer with VirtualMDA, and put a machine with an SMTP engine on it and sent a message to another server. My setup pulled the whole message transmission, no problem. All VirtualMDA seems to do is initiate a telnet session and immediately quit. I figure that VirtualMDA does this periodically to log and allow people's dynamic IPs to connect to their servers. So, back to the "problem," we haven't sent out any mail. This is good news, yes, but when using it in a honeypot environment, it doesn't help catch new spam campaigns. Any ideas? -JP -----Original Message----- From: Christian Kreibich [mailto:christian () whoop org] Sent: Tuesday, March 29, 2005 5:05 PM To: Honeypots List Subject: Re: Anyone with experience w/VirtualMDA? On Tue, 2005-03-29 at 12:11 -0500, JP Garcia wrote:
I'm using it in a "honeypot" of sorts... trying to observe outgoing traffic to see if I can snarf out spam email signatures. I'm
listening
passively with ethereal via a network tap (NetOptics... it's great!). So far, nothing. Anyone have experience with it?
Heh, I came across virtualmda the other day. If you can figure out how they do any form of accounting over the spam the client actually pumped out successfully, I'd be thrilled to hear about it. The way I parse their small print, there's essentially no way they'll ever pay anyone anything, so I wonder if they actually *do* any accounting. Cheers, Christian. -- ________________________________________________________________________ http://www.cl.cam.ac.uk/~cpk25 http://www.whoop.org
Current thread:
- Anyone with experience w/VirtualMDA? JP Garcia (Mar 29)
- Re: Anyone with experience w/VirtualMDA? Christian Kreibich (Mar 29)
- <Possible follow-ups>
- RE: Anyone with experience w/VirtualMDA? JP Garcia (Mar 30)
- Re: Anyone with experience w/VirtualMDA? Valdis . Kletnieks (Mar 30)