Honeypot or really infected

Postby redwarrior666 » Mon Sep 10, 2007 9:56 am

This weekend some asshole decided to scan and probe my ISA Server at home. For those of you who do not know what ISA Server is, it's Microsoft's enterprise firewall. So I scanned back and got some really strange results. Sorry about the one pic being a double post; I'm not awake.

Postby Gunther » Mon Sep 10, 2007 10:22 am

:eek:
GuntertE, Lv 1, NC on Waterson
GunthertE, Lv3, TR on Mattherson
Landain, Lv3, TR on Jaeger

Re: Honeypot or really infected

Postby Socco » Mon Sep 10, 2007 11:24 am

redwarrior666 wrote: This weekend some asshole decided to scan and probe my ISA Server at home.


Did you file an abuse report with the ISP of that machine?

That is one SERIOUSLY infected machine. I'd guess honeypot, but it is possible that it is horrendously set up and managed.

Postby redwarrior666 » Mon Sep 10, 2007 2:03 pm

Socco wrote: Did you file an abuse report with the ISP of that machine?

No, I didn't. It usually doesn't bother me if someone scans me; they aren't going to penetrate my Fort Knox setup anyhow unless they are from some unnamed organization (also, I have nothing of value on my machine). You get the picture. I have never seen a honeypot before, so it was interesting.

Postby FloobieDoobie » Mon Sep 10, 2007 2:22 pm

Honeypots typically are set up on a per-port basis, such as setting one up on HTTP (TCP 80). The pots are designed to reply back with specific strings so that you can capture the attack data as it comes in. You really don't use all those ports, since that would be a huge red flag. If I was going after a machine that returned that many ports I'd back off a bit to figure out wtf is up with it.
WWFD?
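
The single-port, canned-reply setup described in the post above, as an added example that is not part of the original thread: a low-interaction listener that records whatever a client sends and answers with one fixed string. The banner, port 8080, the 4096-byte capture limit and the function names are assumptions made for this sketch.

```python
import socket
from datetime import datetime, timezone

# Constructed canned reply imitating a web server (assumption, not from the thread).
CANNED_REPLY = b"HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Length: 0\r\n\r\n"
MAX_CAPTURE = 4096  # cap on bytes kept per connection (assumed limit)


def handle_probe(conn, peer, log):
    """Capture what one client sends, log it, answer with the canned string."""
    conn.settimeout(5.0)  # do not let a silent client hold the listener
    try:
        data = conn.recv(MAX_CAPTURE)
    except OSError:  # includes socket.timeout
        data = b""
    record = {
        "time": datetime.now(timezone.utc).isoformat(),
        "peer": peer,
        "bytes": len(data),
        # latin-1 maps every byte to one character, so nothing is lost
        "payload": data.decode("latin-1"),
    }
    log.append(record)
    try:
        if data:
            conn.sendall(CANNED_REPLY)
    except OSError:
        pass  # client went away before the reply; the capture is already logged
    finally:
        conn.close()
    return record


def serve(host="127.0.0.1", port=8080):
    """Listen on ONE port only; port 80 itself needs elevated privileges."""
    log = []
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(16)
        while True:
            conn, addr = srv.accept()
            # repr() escapes control characters, so payloads cannot forge log lines
            print(repr(handle_probe(conn, addr[0], log)))


if __name__ == "__main__":
    serve()
```
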