lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20080830190820.4A27AAF@lists.grok.org.uk>
Date: Sat, 30 Aug 2008 14:02:52 -0400
From: "Exibar" <exibar@...lair.com>
To: "'James Lay'" <jlay@...ve-tothe-box.net>,
	"'Full-disclosure'" <full-disclosure@...ts.grok.org.uk>
Subject: Re: [inbox]  Honeypot?

so do you work for Salsoft, or are you trying to break into a machine owned
by them?
 
If it's a network you monitor, meaning you have direct responsibility for,
wouldn't you already know if it's a honeypot?
 
  sounds fishy that you have to ask....  
 
 Exibar

  _____  

From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of James Lay
Sent: Saturday, August 30, 2008 1:26 PM
To: Full-disclosure
Subject: [inbox] [Full-disclosure] Honeypot?


So...one of the networks I monitor has this ip:

66.139.73.183

Doing netbios scans on it.  A cursory inspection shows it as a win2003
box...that's WIDE open.  Could this be a honeypot that's been compromised?

Curious 

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ