1: I never had any MX/A/TXT/SPF record installed (the ISP did install a generic PTR)
2: never sent any email
3: never received email by any official means
My top SMTP auth failures are shown in this simple MS Excel graph.
The graph shows the percentage by continent, using a geo-IP lookup against the 7-continent model.
Now to summarize,
- I took the total failures and reduced any duplicates (by address), so these were unique events for each user
- Asia was the #1 continent by geo-IP lookup
- "Administrator" was the #1 account that failed
- The idea was taken from the honeypot folks at https://www.projecthoneypot.org/
My future goals are to extract the data for developing timed ACLs for repeat offenders. I also want to explore IPv6 mail abusers to see if this issue exists in the IPv6 domain.
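An added example (not the author's tooling) of the summary steps above, and of the repeat-offender count needed for a timed ACL: it parses constructed Postfix-style SMTP AUTH failure lines, dedupes by address and user, maps addresses to continents with a stand-in table (assumed here in place of a real geo-IP database), and reports the top failed account and the addresses that keep coming back.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample log lines in a Postfix-like format (assumption: these are
# not the author's actual logs); each line records one failed SMTP AUTH attempt.
SAMPLE_LOG = """\
Mar  1 02:11:09 mx postfix/smtpd[8812]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed, sasl_username=Administrator
Mar  1 02:11:12 mx postfix/smtpd[8812]: warning: unknown[203.0.113.5]: SASL LOGIN authentication failed, sasl_username=Administrator
Mar  1 02:14:40 mx postfix/smtpd[8819]: warning: unknown[198.51.100.77]: SASL LOGIN authentication failed, sasl_username=admin
Mar  1 03:02:03 mx postfix/smtpd[8830]: warning: unknown[192.0.2.44]: SASL LOGIN authentication failed, sasl_username=Administrator
Mar  1 03:05:51 mx postfix/smtpd[8831]: warning: unknown[203.0.113.200]: SASL LOGIN authentication failed, sasl_username=test
Mar  1 04:00:00 mx postfix/smtpd[8840]: warning: unknown[192.0.2.44]: SASL LOGIN authentication failed, sasl_username=info
"""

# Source address (IPv4 or IPv6) and the username that failed.
LINE_RE = re.compile(r"unknown\[(?P<ip>[0-9a-fA-F.:]+)\].*?sasl_username=(?P<user>\S+)")

# Stand-in for a geo-IP database (assumption): documentation prefixes mapped to
# continents purely so the example runs offline.
CONTINENT_PREFIXES = {
    ip_network("203.0.113.0/24"): "Asia",
    ip_network("198.51.100.0/24"): "North America",
    ip_network("192.0.2.0/24"): "Europe",
}

def continent_of(ip: str) -> str:
    addr = ip_address(ip)
    for net, name in CONTINENT_PREFIXES.items():
        if addr in net:
            return name
    return "Unknown"

def summarize(log: str, repeat_threshold: int = 2) -> dict:
    """Dedupe failures by (address, user), then count continents, accounts and repeat offenders."""
    events = set()          # unique (ip, user) pairs, as in the author's dedup step
    attempts = Counter()    # raw attempts per address, for the timed-ACL candidates
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.add((m["ip"], m["user"]))
            attempts[m["ip"]] += 1
    unique_ips = {ip for ip, _ in events}
    continents = Counter(continent_of(ip) for ip in unique_ips)
    total = sum(continents.values())
    pct = {c: round(100 * n / total, 1) for c, n in continents.items()}
    users = Counter(user for _, user in events)
    repeat = sorted(ip for ip, n in attempts.items() if n >= repeat_threshold)
    return {"unique_events": len(events), "continent_pct": pct,
            "top_user": users.most_common(1)[0][0], "repeat_offenders": repeat}
```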
On a different approach, I have a few domains being used as email traps; this is another means of trapping and luring abusers with regard to mail. The abusers are so blunt that the trap addresses are things like dontsendmemail@mydomain.com or similar, and the abusers still send spam to them.
My hyperfeed.com domain, which was a big target when it was productive back in the late 90s and early 2000s, still receives spam emails at various mail servers, even though it has no MX record.
Btw, me and a few friends are setting up an IPv6-only honeypot for tracking in the next few weeks on a virtual machine, to see if we get any hits.
The idea is that if you have a honeypot whose address was never published and folks are attempting to relay through you, they are most likely up to no good.
SMTP/POP honeypots are great for trending and general awareness of abusers. This approach can be used for personal awareness and knowledge, or just to see how rampant mail abuse is.
Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( * * )=
o
/ \