[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] [inbox] Honeypot?
From: James Lay <jlay () slave-tothe-box ! net>
Date: 2008-08-30 19:22:40
Message-ID: C4DEFA20.38D17%jlay () slave-tothe-box ! net
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
The network I monitor was getting scanned by the below IP. It stopped now
though :)
On 8/30/08 12:02 PM, "Exibar" <exibar@thelair.com> wrote:
> so do you work for Salsoft, or are you trying to break into a machine owned by
> them?
>
> If it's a network you monitor, meaning you have direct responsibility for,
> wouldn't you already know if it's a honeypot?
>
> sounds fishy that you have to ask....
>
> Exibar
>
>
> From: full-disclosure-bounces@lists.grok.org.uk
> [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of James Lay
> Sent: Saturday, August 30, 2008 1:26 PM
> To: Full-disclosure
> Subject: [inbox] [Full-disclosure] Honeypot?
>
> So...one of the networks I monitor has this ip:
>
> 66.139.73.183
>
> Doing netbios scans on it. A cursory inspection shows it as a win2003
> box...thatıs WIDE open. Could this be a honeypot thatıs been compromised?
>
> Curious
[Attachment #5 (text/html)]
<HTML>
<HEAD>
<TITLE>Re: [inbox] [Full-disclosure] Honeypot?</TITLE>
</HEAD>
<BODY>
<FONT FACE="Calibri, Verdana, Helvetica, Arial"><SPAN STYLE='font-size:11pt'>The network I \
monitor was getting scanned by the below IP. It stopped now though :)<BR> <BR>
<BR>
On 8/30/08 12:02 PM, "Exibar" <<a \
href="exibar@thelair.com">exibar@thelair.com</a>> wrote:<BR> <BR>
</SPAN></FONT><BLOCKQUOTE><SPAN STYLE='font-size:11pt'><FONT COLOR="#0000FF"><FONT \
FACE="Arial">so do you work for Salsoft, or are you trying to break into a machine owned by \
them?<BR> </FONT></FONT><FONT FACE="Calibri, Verdana, Helvetica, Arial"> <BR>
</FONT><FONT COLOR="#0000FF"><FONT FACE="Arial">If it's a network you monitor, meaning you have \
direct responsibility for, wouldn't you already know if it's a honeypot?<BR> \
</FONT></FONT><FONT FACE="Calibri, Verdana, Helvetica, Arial"> <BR> </FONT><FONT \
COLOR="#0000FF"><FONT FACE="Arial"> sounds fishy that you have to ask.... <BR> \
</FONT></FONT><FONT FACE="Calibri, Verdana, Helvetica, Arial"> <BR> </FONT><FONT \
COLOR="#0000FF"><FONT FACE="Arial"> Exibar<BR> </FONT></FONT><FONT FACE="Calibri, Verdana, \
Helvetica, Arial"><BR> <HR ALIGN=CENTER SIZE="3" WIDTH="100%"></FONT><FONT FACE="Tahoma, \
Verdana, Helvetica, Arial"><B>From:</B> <a \
href="full-disclosure-bounces@lists.grok.org.uk">full-disclosure-bounces@lists.grok.org.uk</a> \
[<a href="mailto:full-disclosure-bounces@lists.grok.org.uk">mailto:full-disclosure-bounces@lists.grok.org.uk</a>] \
<B>On Behalf Of </B>James Lay<BR> <B>Sent:</B> Saturday, August 30, 2008 1:26 PM<BR>
<B>To:</B> Full-disclosure<BR>
<B>Subject:</B> [inbox] [Full-disclosure] Honeypot?<BR>
</FONT><FONT FACE="Calibri, Verdana, Helvetica, Arial"><BR>
So...one of the networks I monitor has this ip:<BR>
<BR>
66.139.73.183<BR>
<BR>
Doing netbios scans on it. A cursory inspection shows it as a win2003 box...that’s \
WIDE open. Could this be a honeypot that’s been compromised?<BR> <BR>
Curious <BR>
</FONT></SPAN></BLOCKQUOTE>
</BODY>
</HTML>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic