[Dshield] I want SPAM

Roger A. Grimes roger at banneretcs.com
Wed Mar 2 21:35:06 GMT 2005


I run a lot of honeypots, and in general, if you leave an open relay or
open proxy, the spam bots will find it without any help from you in
minutes to 24 hours and you'll have all the free spam you want. The
longest any of my boxes has gone without investigation and subsequent
exploitation to send millions of spams is 13 hours. Most happen in a few
hours. A large chunk in under an hour.

Be prepared though, because even a cable modem will quickly be
overwhelmed. Usually, you'll have to allow at least a few of the
spambot's test transactions through (i.e. really be in an open relay or
proxy state) to get them started.  Then close off the open proxy or
relay, and collect away. 

A really easy, quick honeypot for doing so is KFSensor
(www.keyfocus.net). It will handle all the details for you.  You can
download a free demo.  Of course, there are dozens of spam relay
honeypots on the Net to play with.

Roger

***************************************************************************
*Roger A. Grimes, Banneret Computer Security, Computer Security Consultant
*CPA, CISSP, MCSE: Security (NT/2000/2003/MVP), CNE (3/4), CEH, CHFI
*email: roger at banneretcs.com
*cell: 757-615-3355
*Author of Malicious Mobile Code: Virus Protection for Windows by O'Reilly
*http://www.oreilly.com/catalog/malmobcode
*Author of Honeypots for Windows (Apress)
*http://www.apress.com/book/bookDisplay.html?bID=281
***************************************************************************

 

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Shane Presley
Sent: Wednesday, March 02, 2005 8:57 AM
To: General DShield Discussion List
Subject: [Dshield] I want SPAM

I have a honey-pot address (a throw away domain/e-mail address) that I
need to quickly get a lot of SPAM to. What sites would be good to get
that e-mail address out there in the wild?

(this is to test an anti-spam solution)

Thanks,
Shane