Anti-honeypot technology

Abstract

Spammers continually scan the Internet for open proxy relays: by using these open relays, they can obscure their originating IP address and remain anonymous. However, when a spammer comes across a service on a honeypot, that honeypot can collect valuable information about the spammer's true identity and help unmask it. In response to the threat that honeypots pose to spammers, the first commercial anti-honeypot technology has surfaced: Send-Safe's Honeypot Hunter (www.send-safe. com) attempts to detect "safe" proxies for use with bulk-mailing tools. This honeypot-detection system's appearance, in association with other emerging spam tools, suggests three important trends: honeypots are affecting spammers, current honeypot technology is detectable, and more honeypot-identification systems are likely. The ability to detect a honeypot is unlikely to remain limited to spammers; other hostile or malicious groups could benefit from similar identification systems. In an effort to create undetectable honeypot systems, we need a significant improvement in today's honeypot technologies.