| Subject: Re: McAfee vs SETI@home version 3.08 |
| From: usenet |
| Date: 22/07/2004, 03:44 |
Flwrite wrote:
>> usenet wrote:
>> I'm running a honeypot on an otherwise unused P100 w/windoze 98se.
>> http://66.68.132.34:7070/html/hosts.html is my log. Feel free to submit
>> my honeypot IP to any lists of open relays you know of. The vast
>> majority of my traffic appears to be a zombie network in Taiwan. I've
>> trapped over 42,000 spams with it since May.
>> Jackpot is the honeypot software I'm using. Very simple to configure and
>> run. Anyone with a broadband connection can do it.
>> http://jackpot.uk.net/

> Really, this is all news to me.
> Amazing. Saw your log. (That was me at
> sixty-nine.one-sixty-two.eighteen.one-thirty-one, at about 9:45 PM EST.)
> Nothing but Taiwan attacking your computer. What's the sociology behind
> that?

I'd have to look again to be sure, but I don't think it SAVES anything
but the captured spams. All activity will show up in the DOS window
but unless I happen to be looking at it at the time I probably won't see
you.
My best guess about the Taiwan traffic is a Taiwan spammer is using the
open relay list that has me on it. It is probably now included in the
list of usable relays by thousands of zombie computers (compromised by a
trojan.)

> It looks like you're only processing spams. What about port probes? Guess
> I should go to Jackpot and find out how to interpret your log.

I don't keep track of port probes on that machine. My firewall can do
it but since the only ports that are open are ports I want open I'm not
too concerned about the others. I'm not even sure I've got the firewall
keeping a log.

> The closest I can come to that is manually relaying spams to SpamCop, which
> I do religiously. Also, I'm running myNetWatchman (mNW), which monitors my
> Firewall log, and relays any firewall log entries to a central database
> which calls the Internet Police on the worst port-probing offenders.
> At least, mNW is fully automatic. The little white icon in the toolbar
> twinkles green while it's relaying IP information about any offending
> port-prober. I'm sure I've contributed lots by keeping my computer running
> and reporting, while crunching a few work units on the side.
> I like your way better. It's completely automatic. Even processes spam
> automatically. What will those Brits think of next?

The only thing that happens to the spam is it gets stored on my
computer. I can manually complain but I don't bother with the zombie
traffic. I've notified a couple admins about their unsecure boxes but
it is rare that I get any that I can help with.