| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <C4DEFA20.38D17%jlay@slave-tothe-box.net>
Date: Sat, 30 Aug 2008 13:22:40 -0600
From: James Lay <jlay@...ve-tothe-box.net>
To: Full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: [inbox] Honeypot?
The network I monitor was getting scanned by the below IP. It stopped now
though :)
On 8/30/08 12:02 PM, "Exibar" <exibar@...lair.com> wrote:
> so do you work for Salsoft, or are you trying to break into a machine owned by
> them?
>
> If it's a network you monitor, meaning you have direct responsibility for,
> wouldn't you already know if it's a honeypot?
>
> sounds fishy that you have to ask....
>
> Exibar
>
>
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of James Lay
> Sent: Saturday, August 30, 2008 1:26 PM
> To: Full-disclosure
> Subject: [inbox] [Full-disclosure] Honeypot?
>
> So...one of the networks I monitor has this ip:
>
> 66.139.73.183
>
> Doing netbios scans on it. A cursory inspection shows it as a win2003
> box...that¹s WIDE open. Could this be a honeypot that¹s been compromised?
>
> Curious
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists