Honeypots mailing list archives

Re: Anyone with experience w/VirtualMDA?

From: Valdis.Kletnieks () vt edu
Date: Wed, 30 Mar 2005 15:16:01 -0500

On Wed, 30 Mar 2005 13:17:08 EST, JP Garcia said:

We've been using it for some time now, and have not sent 1 piece of
email.  To verify, I removed the computer with VirtualMDA, and put a
machine with an SMTP engine on it and sent a message to another server.
My setup pulled the whole message transmission, no problem.  All
VirtualMDA seems to do is initiate a telnet session and immediately
quit.  I figure that VirtualMDA does this periodically to log and allow
people's dynamic IPs to connect to their servers.


Maybe VirtualMDA is able to detect it's in your honeypot environment and
refusing to do its song-and-dance while you're actively watching it?

Somehow, this reminds me of Michigan J. Frog: http://en.wikipedia.org/wiki/One_Froggy_Evening

Attachment: _bin
Description:

Current thread:

Anyone with experience w/VirtualMDA? JP Garcia (Mar 29)
- Re: Anyone with experience w/VirtualMDA? Christian Kreibich (Mar 29)
- <Possible follow-ups>
- RE: Anyone with experience w/VirtualMDA? JP Garcia (Mar 30)
  - Re: Anyone with experience w/VirtualMDA? Valdis . Kletnieks (Mar 30)