[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] [inbox] Honeypot?

To: Full-disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] [inbox] Honeypot?
From: James Lay <jlay@xxxxxxxxxxxxxxxxxxx>
Date: Sat, 30 Aug 2008 13:22:40 -0600

The network I monitor was getting scanned by the below IP.  It stopped now
though :)


On 8/30/08 12:02 PM, "Exibar" <exibar@xxxxxxxxxxx> wrote:

> so do you work for Salsoft, or are you trying to break into a machine owned by
> them?
>  
> If it's a network you monitor, meaning you have direct responsibility for,
> wouldn't you already know if it's a honeypot?
>  
>   sounds fishy that you have to ask....
>  
>  Exibar
> 
> 
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of James Lay
> Sent: Saturday, August 30, 2008 1:26 PM
> To: Full-disclosure
> Subject: [inbox] [Full-disclosure] Honeypot?
> 
> So...one of the networks I monitor has this ip:
> 
> 66.139.73.183
> 
> Doing netbios scans on it.  A cursory inspection shows it as a win2003
> box...that¹s WIDE open.  Could this be a honeypot that¹s been compromised?
> 
> Curious

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] [inbox] Honeypot?
Next by Date: Re: [Full-disclosure] Inside India’s CAPTCHA Solving Economy
Previous by thread: [Full-disclosure] x0x0x ? its a joke! a vendetta history..
Next by thread: [Full-disclosure] [PLSA 2008-32] Mono: Cross Site Scripting
Index(es):
- Date
- Thread