Do you have any links to linux based "fake proxypots" ?
They sound cool, or maybe its just fun to say...
Look for implementations of "Teergrube" on google.
A famous one which shut down awhile back is LaBrea - which uses similar
technology for catching worms.
There is a Linux netfilter plugin based on a TCP implementation similar to
LaBrea which can do this. There is a timeout-list plugin as well, that would
allow a rule to match a list of IPs (of spammers) which would timeout after a
certain amount of time. This allows a user-space utility to add IPs to this
list making the kernel direct packets to the tarpit, and have it automatically
time-out (necessary so the list doesn't overflow with too many IPs and
take the
kernel down! which is tough to do, but I managed)
Also look at honeyd.org for how honeypots are catching spammers.
Spamhaus uses
a similar scheme where unknown and unused domains sit on servers across the
world. Any mail the server gets is obviously spam since no one should be
sending an unused domain any mail.
Honeyd.org has a live statistics page that has known spammer IPs. I
would love
it if they could make a DNS RBL out of this information!
