|
Full Disclosure
mailing list archives
Re: [inbox] Honeypot?
From: James Lay <jlay () slave-tothe-box net>
Date: Sat, 30 Aug 2008 13:22:40 -0600
The network I monitor was getting scanned by the below IP. It stopped now
though :)
On 8/30/08 12:02 PM, "Exibar" <exibar () thelair com> wrote:
so do you work for Salsoft, or are you trying to break into a machine owned by
them?
If it's a network you monitor, meaning you have direct responsibility for,
wouldn't you already know if it's a honeypot?
sounds fishy that you have to ask....
Exibar
From: full-disclosure-bounces () lists grok org uk
[mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of James Lay
Sent: Saturday, August 30, 2008 1:26 PM
To: Full-disclosure
Subject: [inbox] [Full-disclosure] Honeypot?
So...one of the networks I monitor has this ip:
66.139.73.183
Doing netbios scans on it. A cursory inspection shows it as a win2003
box...that¹s WIDE open. Could this be a honeypot that¹s been compromised?
Curious
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: [inbox] Honeypot? James Lay (Aug 30)
| 
