Re: [Full-disclosure] [inbox] Honeypot?

From: James Lay <jlay_at_nospam>
Date: Sat Aug 30 2008 - 19:22:40 GMT
To: Full-disclosure <full-disclosure@lists.grok.org.uk>

The network I monitor was getting scanned by the below IP. It stopped now though :)

On 8/30/08 12:02 PM, "Exibar" <exibar@thelair.com> wrote:

> so do you work for Salsoft, or are you trying to break into a machine owned by
> them?
>
> If it's a network you monitor, meaning you have direct responsibility for,
> wouldn't you already know if it's a honeypot?
>
> sounds fishy that you have to ask....
>
> Exibar
>
>
> From: full-disclosure-bounces@lists.grok.org.uk
> [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of James Lay
> Sent: Saturday, August 30, 2008 1:26 PM
> To: Full-disclosure
> Subject: [inbox] [Full-disclosure] Honeypot?
>
> So...one of the networks I monitor has this ip:
>
> 66.139.73.183
>
> Doing netbios scans on it. A cursory inspection shows it as a win2003
> box...that¹s WIDE open. Could this be a honeypot that¹s been compromised?
>
> Curious

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: coderman: "Re: [Full-disclosure] Inside India’s CAPTCHA Solving Economy"
Previous message: Exibar: "Re: [Full-disclosure] [inbox] Honeypot?"
Maybe in reply to: Exibar: "Re: [Full-disclosure] [inbox] Honeypot?"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]