Honeypot (computing)
=== Spam versions ===

[[Spamming|Spammers]] abuse vulnerable resources such as [[open mail relay]]s and [[open proxy|open proxies]]. These are servers that accept e-mail from anyone on the Internet—including spammers—and send it to its destination. Some system administrators have created honeypot programs that masquerade as these abusable resources to discover spammer activity.

There are several capabilities such honeypots provide to these administrators, and the existence of such fake abusable systems makes abuse more difficult or risky. Honeypots can be a powerful countermeasure to abuse from those who rely on very high-volume abuse (e.g., spammers).

These honeypots can reveal the abuser's [[IP address]] and provide bulk spam capture (which enables operators to determine spammers' [[URLs]] and response mechanisms). As described by M. Edwards at ITPro Today:

{{Blockquote |text=Typically, spammers test a mail server for open relaying by simply sending themselves an email message. If the spammer receives the email message, the mail server obviously allows open relaying. Honeypot operators, however, can use the relay test to thwart spammers. The honeypot catches the relay test email message, returns the test email message, and subsequently blocks all other email messages from that spammer. Spammers continue to use the antispam honeypot for spamming, but the spam is never delivered. Meanwhile, the honeypot operator can notify spammers' ISPs and have their Internet accounts canceled. If honeypot operators detect spammers who use open-proxy servers, they can also notify the proxy server operator to lock down the server to prevent further misuse.<ref>{{cite web|last1=Edwards|first1=M.|title=Antispam Honeypots Give Spammers Headaches|url=http://windowsitpro.com/exchange-server/antispam-honeypots-give-spammers-headaches|publisher=Windows IT Pro|access-date=11 March 2015|archive-url=https://web.archive.org/web/20170701040344/http://windowsitpro.com/exchange-server/antispam-honeypots-give-spammers-headaches|archive-date=1 July 2017|url-status=dead}}</ref> }}

The apparent source may be another abused system. Spammers and other abusers may use a chain of such abused systems to make detection of the original starting point of the abuse traffic difficult.

This in itself is indicative of the power of honeypots as [[anti-spam]] tools. In the early days of anti-spam honeypots, spammers, with little concern for hiding their location, felt safe testing for vulnerabilities and sending spam directly from their own systems. Honeypots made the abuse riskier and more difficult.

Spam still flows through open relays, but the volume is much smaller than in 2001–02. While most spam originates in the U.S.,<ref>{{cite web|title=Sophos reveals latest spam relaying countries|url=http://www.net-security.org/secworld.php?id=4085|work=Help Net Security|access-date=14 June 2013|date=24 July 2006}}</ref> spammers hop through open relays across political boundaries to mask their origin. Honeypot operators may use intercepted relay tests to recognize and thwart attempts to relay spam through their honeypots. "Thwart" may mean "accept the relay spam but decline to deliver it." Honeypot operators may discover other details concerning the spam and the spammer by examining the captured spam messages.

Open-relay honeypots include Jackpot, written in [[Java (programming language)|Java]] by Jack Cleaver; ''smtpot.py'', written in [[Python (programming language)|Python]] by Karl A. Krueger;<ref>{{cite web|title=Honeypot Software, Honeypot Products, Deception Software|url=http://www.honeypots.net/honeypots/products|year=2013|work=Intrusion Detection, Honeypots and Incident Handling Resources|publisher=Honeypots.net|url-status=dead|archive-url=https://web.archive.org/web/20031008120110/http://www.honeypots.net/honeypots/products|archive-date=8 October 2003|access-date=14 June 2013}}</ref> and spamhole, written in [[C (programming language)|C]].<ref>{{cite web|title=spamhole – The Fake Open SMTP Relay Beta|url=http://sourceforge.net/projects/spamhole/|work=SourceForge|publisher=Dice Holdings, Inc.|access-date=14 June 2013|author=dustintrammell|date=27 February 2013}}</ref>

The ''Bubblegum Proxypot'' is an open-source honeypot (or "proxypot").<ref name="Ec-Council2009">{{cite book|author=Ec-Council|title=Certified Ethical Hacker: Securing Network Infrastructure in Certified Ethical Hacking|url=https://books.google.com/books?id=nERI0SQqF_sC&pg=SA3-PA23|access-date=14 June 2013|date=5 July 2009|publisher=Cengage Learning|isbn=978-1-4354-8365-1|pages=3–}}</ref>
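
The relay-test policy described in this section (pass the first probe on, then accept but withhold everything else and mine it for source addresses and URLs) can be sketched as follows. This is an added example, not code from the article or from Jackpot, ''smtpot.py'' or spamhole; the class names, the single-recipient/short-body heuristic for recognising a relay test, and the sample transactions are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass, field

URL_RE = re.compile(r"https?://[^\s<>\"']+")

@dataclass
class Transaction:
    peer_ip: str   # address of the connecting client
    rcpt_to: list  # envelope recipients
    body: str

@dataclass
class RelayHoneypot:
    max_test_rcpts: int = 1     # assumption: a relay test targets one mailbox
    max_test_bytes: int = 2048  # assumption: a relay test is a short message
    tested: set = field(default_factory=set)      # sources whose test was passed on
    captured: list = field(default_factory=list)  # (peer_ip, urls) per withheld message

    def looks_like_relay_test(self, tx):
        return (len(tx.rcpt_to) <= self.max_test_rcpts
                and len(tx.body.encode()) <= self.max_test_bytes)

    def handle(self, tx):
        """Return 'deliver' or 'capture'; the client sees acceptance either way."""
        if tx.peer_ip not in self.tested and self.looks_like_relay_test(tx):
            self.tested.add(tx.peer_ip)   # only one probe per source is relayed
            return "deliver"
        self.captured.append((tx.peer_ip, URL_RE.findall(tx.body)))
        return "capture"                  # accepted, logged, never delivered

    def report(self):
        """Per-source count of withheld messages and the URLs they advertised."""
        out = {}
        for ip, urls in self.captured:
            entry = out.setdefault(ip, {"messages": 0, "urls": set()})
            entry["messages"] += 1
            entry["urls"].update(urls)
        return out

def run_sample():
    # Constructed transactions using documentation address ranges and domains.
    pot = RelayHoneypot()
    txs = [
        Transaction("192.0.2.10", ["drop@example.org"], "relay check 7731"),
        Transaction("192.0.2.10", ["a@example.org", "b@example.org", "c@example.org"],
                    "Cheap pills http://shop.example.com/buy now"),
        Transaction("192.0.2.10", ["drop@example.org"], "second probe"),
        Transaction("198.51.100.7", ["x@example.org", "y@example.org"],
                    "Visit https://promo.example.com/a?id=1"),
    ]
    return [pot.handle(t) for t in txs], pot.report(), pot.tested
```

The per-source report is the material an operator would use when notifying an ISP or a proxy operator, as the quoted passage describes.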