Re: [*SPAM*] Python open proxy honeypot
Alex Reinhart wrote: Eric S. Johansson wrote: Alex Reinhart wrote: Yeah, I just realized that. What would I do to act as an open proxy as well? emulate the Apache proxy capability, especially the reverse proxy. more seriously, what you need to do is from common proxy and web server ports, accept proxy requests with a destination port number of 25 and pretend to relay them. at least, that was the behavior I saw on a misconfigured Apache web server proxy. Is there a library that implements such functionality (that I can override) or will I have to implement SOCKS and such myself? I've found one SOCKS library and it's rather old and out of date... I'm not sure. I would seriously look at the Apache code in figure out what it does differently. The other possibilities look at the pound code which is probably more comprehensible and a better example of secure code. It's not out yet but I believe Cherokee will have a proxy soon. I advocated filtering out anything with a port 25 destination. After they heard my experience with Apache, they thought it was a real good idea. :-) -- http://mail.python.org/mailman/listinfo/python-list
Re: [*SPAM*] Python open proxy honeypot
On 13/06/06, Alex Reinhart [EMAIL PROTECTED] wrote: Is running Python's built-in smtpd, pretending to accept and forward all messages, enough to get me noticed by a spammer, or do I have to do something else to advertise my script as an open proxy? This will get you noticed by crawlers that scan the Internet looking for SMTP open-relays on port 25, its not an open-proxy :):) This will work as planned, but you should also have some email addresses using this server for a full range of spam hits. A single domain is cheap and you can use it just for incoming spam - seed a few addresses around the internet and wait Things you should be aware of: a) You may be breaking your ISP's TCs and AUPs b) your ISP connection must have port 25 open c) Be prepared for potentially huge numbers of connections in intermittent but sustained batches which may make your connection unusable. d) point c might get you noticed in relation to point a. HTH :) -- http://mail.python.org/mailman/listinfo/python-list
Re: [*SPAM*] Python open proxy honeypot
Tim Williams wrote: On 13/06/06, Alex Reinhart [EMAIL PROTECTED] wrote: Is running Python's built-in smtpd, pretending to accept and forward all messages, enough to get me noticed by a spammer, or do I have to do something else to advertise my script as an open proxy? This will get you noticed by crawlers that scan the Internet looking for SMTP open-relays on port 25, its not an open-proxy :):) Yeah, I just realized that. What would I do to act as an open proxy as well? This will work as planned, but you should also have some email addresses using this server for a full range of spam hits. A single domain is cheap and you can use it just for incoming spam - seed a few addresses around the internet and wait Things you should be aware of: a) You may be breaking your ISP's TCs and AUPs I plan on asking them first - it's not actually a proxy/relay, just pretending to be one. b) your ISP connection must have port 25 open They use SMTP for their mailservers, so I assume they do. c) Be prepared for potentially huge numbers of connections in intermittent but sustained batches which may make your connection unusable. I'm hoping to host it on another server, preferably with a firewall to keep things from getting too hairy. Thanks. -- http://mail.python.org/mailman/listinfo/python-list
Re: [*SPAM*] Python open proxy honeypot
Alex Reinhart wrote: Yeah, I just realized that. What would I do to act as an open proxy as well? emulate the Apache proxy capability, especially the reverse proxy. more seriously, what you need to do is from common proxy and web server ports, accept proxy requests with a destination port number of 25 and pretend to relay them. at least, that was the behavior I saw on a misconfigured Apache web server proxy. for what it's worth, I advocate abandoning Apache as it is too complex to configure correctly quickly. This is especially true of the built-in proxy. For what it's worth, folks should consider using alternatives like pound (very good secure proxy) and Cherokee (my favorite). But seriously, any web server except IIS is better than Apache. Find one that works for your application and use it. ---eric -- http://mail.python.org/mailman/listinfo/python-list
Re: [*SPAM*] Python open proxy honeypot
Eric S. Johansson wrote: Alex Reinhart wrote: Yeah, I just realized that. What would I do to act as an open proxy as well? emulate the Apache proxy capability, especially the reverse proxy. more seriously, what you need to do is from common proxy and web server ports, accept proxy requests with a destination port number of 25 and pretend to relay them. at least, that was the behavior I saw on a misconfigured Apache web server proxy. Is there a library that implements such functionality (that I can override) or will I have to implement SOCKS and such myself? I've found one SOCKS library and it's rather old and out of date... -- http://mail.python.org/mailman/listinfo/python-list
