Re: [Full-disclosure] [inbox] Honeypot?

From: Exibar <exibar_at_nospam>
Date: Sat Aug 30 2008 - 18:02:52 GMT
To: "'James Lay'" <jlay@slave-tothe-box.net>, "'Full-disclosure'" <full-disclosure@lists.grok.org.uk>

so do you work for Salsoft, or are you trying to break into a machine owned by them?

If it's a network you monitor, meaning you have direct responsibility for, wouldn't you already know if it's a honeypot?

sounds fishy that you have to ask....

Exibar

From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of James Lay Sent: Saturday, August 30, 2008 1:26 PM
To: Full-disclosure
Subject: [inbox] [Full-disclosure] Honeypot?

So...one of the networks I monitor has this ip:

66.139.73.183

Doing netbios scans on it. A cursory inspection shows it as a win2003 box...that's WIDE open. Could this be a honeypot that's been compromised?

Curious

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: James Lay: "Re: [Full-disclosure] [inbox] Honeypot?"
Previous message: bussinessinbox box: "[Full-disclosure] x0x0x ? its a joke! a vendetta history.."
In reply to: James Lay: "[Full-disclosure] Honeypot?"
Next in thread: James Lay: "Re: [Full-disclosure] [inbox] Honeypot?"
Maybe reply: James Lay: "Re: [Full-disclosure] [inbox] Honeypot?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]