On Jun 10, 2013, at 9:30 PM, Dave Warren da...@hireahit.com wrote:
I doubt it's a guy, but it wouldn't surprise me if the botnet that performs
the dictionary attack forwards the results off to a guy to confirm that
the account works.
no, really, it's a bot. They have tens of millions of
On Mon, 10 Jun 2013 20:27:05 -0700
Marc Perkel supp...@junkemailfilter.com wrote:
I'm not sure. I'm wondering if they use automation and maybe it's not
so smart. I don't think there is a guy typing passwords.
Certainly not, but it's easy enough to program a password-cracker to try
to detect
On Mon, 10 Jun 2013 20:33:29 -0700
Marc Perkel supp...@junkemailfilter.com wrote:
We'll - it does waste their time and resources.
Not so they'd notice. The basic rule is: No matter how much computing
power and bandwidth you have, the spammers have a lot more. Trying to
tie up their resources
On 2013-06-11 00:48, Neil Schwartzman wrote:
On Jun 10, 2013, at 9:30 PM, Dave Warren da...@hireahit.com
mailto:da...@hireahit.com wrote:
I doubt it's a guy, but it wouldn't surprise me if the botnet that
performs the dictionary attack forwards the results off to a guy
to confirm that the
I'm experimenting with an interesting spam trap idea. Normally I run
many inbound servers as spam filters (Using Exim) with no SMTP
authentication. But then I got this idea
I decided to implement and advertise that the server had SMTP
athentication even though there was nothing to
On Mon, 10 Jun 2013 08:32:35 -0700
Marc Perkel supp...@junkemailfilter.com wrote:
I decided to implement and advertise that the server had SMTP
athentication even though there was nothing to authenticate. I
created an authenticator that would accept any username and password.
But it's
On Mon, 10 Jun 2013, Marc Perkel wrote:
I'm experimenting with an interesting spam trap idea. Normally I run many
inbound servers as spam filters (Using Exim) with no SMTP authentication. But
then I got this idea
I decided to implement and advertise that the server had SMTP
Le 10/06/2013 17:38, David F. Skoll a écrit :
That's an interesting honeypot. I've seen spammers crack SMTP AUTH
passwords, but in most cases the first thing they do is send an email
to a freemail account with a subject like:
192.168.33.55,user,passwd
and if they don't get the
On Mon, 10 Jun 2013 17:49:11 +0200
John Wilcock j...@tradoc.fr wrote:
Theoretically you could detect such confirmation messages (logically
the first message from a given user,password pair) and actually
deliver them, then harvest the rest! But you'd have to be really
careful not to become a
Marc Perkel skrev den 2013-06-10 17:32:
Thoughts?
postfix recently got smtpd_relay_restrictions, wonder if it comes from
that idear, its not need auth if spam is just delivered localy not
needing relaying, but it will still be possible to make alias forwarding
so its not relaying, just
John Wilcock skrev den 2013-06-10 17:49:
Theoretically you could detect such confirmation messages (logically
the first message from a given user,password pair) and actually
deliver them, then harvest the rest! But you'd have to be really
careful not to become a spam relay in the process!
David F. Skoll skrev den 2013-06-10 17:53:
Also, putting on a spammer hat (NOT that I actually own one!) if the
credentials user/password worked for me via SMTP AUTH, I would then
try
user/anotherpassword and if those *also* worked, I'd assume it was
a
honeypot and avoid it.
i would
On 6/10/2013 8:53 AM, David F. Skoll wrote:
On Mon, 10 Jun 2013 17:49:11 +0200
John Wilcock j...@tradoc.fr wrote:
Theoretically you could detect such confirmation messages (logically
the first message from a given user,password pair) and actually
deliver them, then harvest the rest! But you'd
On 6/10/2013 8:38 AM, David F. Skoll wrote:
On Mon, 10 Jun 2013 08:32:35 -0700
Marc Perkel supp...@junkemailfilter.com wrote:
I decided to implement and advertise that the server had SMTP
athentication even though there was nothing to authenticate. I
created an authenticator that would accept
Marc Perkel skrev den 2013-06-11 05:33:
We'll - it does waste their time and resources. Maybe it would be
better if it failed every time just to keep them working at it. Maybe
I should open pop and imap ports just to make it more inviting
looking.
+1 ;)
as is spammers knowing using pop3 to
One of the things I like about it is that if hackers are sending spam
into my fake server then it takes away from their efforts on real
accounts that they could hack. I'm wondering if enough of us put up fake
authentication not only can we detect spam that way but we could waste a
lot of
On 2013-06-10 20:27, Marc Perkel wrote:
I'm not sure. I'm wondering if they use automation and maybe it's not
so smart. I don't think there is a guy typing passwords.
Perhaps only accepting the first password for any particular account
from a single IP, and rejecting different password
: Interesting Spam Trap Idea - Fake Authentication
Datum: tis, jun 11, 2013 06:30
On 2013-06-10 20:27, Marc Perkel wrote:
I'm not sure. I'm wondering if they use automation and maybe it's not
so smart. I don't think there is a guy typing passwords.
Perhaps only accepting the first password
18 matches
Mail list logo
