Autore: Jasen Betts Data: To: exim-users Oggetto: Re: [exim] Spamtrap harvesting idea using fake authentication
On 2013-06-09, Cyborg <cyborg2@???> wrote: > Am 09.06.2013 05:08, schrieb Todd Lyons:
>> On Fri, Jun 7, 2013 at 7:42 AM, Ian Eiloart <iane@???> wrote:
>>>> Suppose we reconfigured servers with no authentication configuration to advertise that they take authentication and that you have a fake authenticator that accepts any password.
>>> It might be better to accept only, say, 1% of authentication attempts. That would prevent the hacker from trivially detecting your trap (by authenticating to the same account with two different passwords).
>> Even better: accept that 1%, store that info, and then wait for IP's
>> to connect using that username and password combination (and either
>> reject it or blackhole it, your choice) and use long delays for
>> systems that connect with that user/pass combo.
>>
>
> One small problem with that, if you accept 1% of all connections, you
> have to make sure, that already authenticated username/password combos
> are not rejected. Anyone would notice it if try #1 succeeds and #2 #3 #4
> #5 not..
>
> Honeypots arn't that simple to setup :)
>
> Marius
perhaps use hashing to match usernames and passwords,
