Dear usenet,

You wrote...

Flwrite wrote:

Googling...  Interesting article at
http://www.findarticles.com/p/articles/mi_m0BRZ/is_8_22/ai_101656377
Honeypots.  Learn something new every day.

I'm running a honeypot on an otherwise unused P100 w/windoze 98se.
http://66.68.132.34:7070/html/hosts.html is my log.  Feel free to submit
my honeypot IP to any lists of open relays you know of.  The vast
majority of my traffic appears to be a zombie network in Taiwan.  I've
trapped over 42,000 spams with it since May.
Jackpot is the honeypot software I'm using. Very simple to configure and
run.  Anyone with a broadband connection can do it.
http://jackpot.uk.net/

Really, this is all news to me.

Amazing.  Saw your log.  (That was me at
sixty-nine.one-sixty-two.eighteen.one-thirty-one, at about 9:45 PM EST.)
Nothing but Taiwan attacking your computer.  What's the sociology behind
that?

It looks like you're only processing spams.  What about port probes?  Guess
I should go to Jackpot and find out how to interpret your log.

The closest I can come to that is manually relaying spams to SpamCop, which
I do religiously.  Also, I'm running myNetWatchman (mNW), which monitors my
Firewall log, and relays any firewall log entries to a central database
which calls the Internet Police on the worst port-probing offenders.

At least, mNW is fully automatic.  The little white icon in the toolbar
twinkles green while it's relaying IP information about any offending
port-prober.   I'm sure I've contributed lots by keeping my computer running
and reporting, while crunching a few work units on the side.

I like your way better.  It's completely automatic.  Even processes spam
automatically.  What will those Brits think of next?

Thanks again,
                       -Neil-