Those following our blogs will know we open sourced a SMTP honeypot. This has been publicly available on the internet for some time now. Here are some spam bot results:
Clearly spam, and what’s interesting is that there seems to be a common theme where the spammers attempt to spam using 3 emails and then stop. Let’s look at the whois of this IP address source.
inetnum: 184.108.40.206 - 220.127.116.11
descr: Used for Spectranet LTE Customers
This spam source is Nigeria. Nothing surprising here. Did you know Nigeria only has ~15,000 wired internet connections and the Introduction of LTE technologies has enabled millions of Nigerians to join the internet?
There’s no easy way to link @largnet.ca and our honeypot. If you check the MX records on largnet.ca it’s clearly hosted in office365. So a spam bot would be unable to make this connection.
These attempts which use @largnet.ca would almost certainly be a human. Every organization has lots of bots attacking them like the first example, but there will be some more advanced human threats who are trying to break in. These human hackers are significantly rarer than bots but the threat they pose is significantly higher. Are you secure enough to prevent them?
Antivirus update February 2019
Just a quick update on our antivirus and honeypot adventures. Our last update was post-holidays.
The top 4 antivirus from our our previous update are still the same. What’s interesting is that Kaspersky, Zone Alarm, and Dr Web are all within 1 virus detection of each other.