Re: [exim] Spamtrap harvesting idea using fake authenticatio…

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMJan Ingvoldstad at <-
MJasen Betts at ->
Delete this message
Reply to this message
Author: Cyborg
Date:  
To: exim-users
Subject: Re: [exim] Spamtrap harvesting idea using fake authentication
Am 09.06.2013 05:08, schrieb Todd Lyons:
> On Fri, Jun 7, 2013 at 7:42 AM, Ian Eiloart <iane@???> wrote:
>>> Suppose we reconfigured servers with no authentication configuration to advertise that they take authentication and that you have a fake authenticator that accepts any password.
>> It might be better to accept only, say, 1% of authentication attempts. That would prevent the hacker from trivially detecting your trap (by authenticating to the same account with two different passwords).
> Even better: accept that 1%, store that info, and then wait for IP's
> to connect using that username and password combination (and either
> reject it or blackhole it, your choice) and use long delays for
> systems that connect with that user/pass combo.
>

One small problem with that, if you accept 1% of all connections, you
have to make sure, that already authenticated username/password combos
are not rejected. Anyone would notice it if try #1 succeeds and #2 #3 #4
#5 not..

Honeypots arn't that simple to setup :)

Marius

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] exim4 smarthost with sslRe: [exim] exim4 smarthost with ssl->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)