alfredo
(1000+ posts)
Send PM |
Profile |
Ignore
|
Mon Feb-07-05 09:52 PM
Original message |
|
in my honeypot
21:03:35
• Detected IP :
- 138.88.108.119:27374 pool-138-88-108-119.res.east.verizon.net Bad Blood, Ramen, Seeker, Subseven, Subseven 2.1 Gold, Subseven 2.1.4 Defcon 8, Subseven Muie, Ttfloader 18:58:03.
Network security provided by HoneyPotX 2.5, coded by DCHKG, active member of the Underground Mac Programming Team.
How should I handle this attack? My ISP can't do much, but should I contact Verison? Will that do any good?
|
reprobate
(1000+ posts)
Send PM |
Profile |
Ignore
|
Tue Feb-08-05 12:18 AM
Response to Original message |
1. I'd alert the verizon abuse line. Couldn't hurt and might get him offline |
|
BTW, what is your impression of HoneyPotX? I'm a new iMac user and will take any advise available. Many years on windoze, but just got tired of the hassle with M$.
|
alfredo
(1000+ posts)
Send PM |
Profile |
Ignore
|
Tue Feb-08-05 01:32 AM
Response to Reply #1 |
|
It hasn't caused any trouble, and seems to catch whatever seems to come my way.
The attack may have come from someone's computer that is being used as a zombie.
I have contacted everyone on my mail list that uses Verizon.
|
McKenzie
(1000+ posts)
Send PM |
Profile |
Ignore
|
Tue Feb-08-05 03:19 AM
Response to Original message |
|
even if it's a case of someone using their server as a proxy the sysadmin will want to know who is bouncing through. Doubt if it's a proxy though - a savvy hacker wouldn't use a US proxy unless as part of a chain. Even then it wouldn't be at either end of the chain, it'd be in the middle.
If the same IP comes back send them a PING request off your own IP. The PING will probably time out because the hacker will be behind a firewall of the type that drops the packets without sending a "blocked port" msg back. However, if it's a script kiddy with a script kit he/she will get a fright if they suss that the target IP has spotted them. If it is their own IP they're using though, they are either bloody stupid or total script kiddies.
|
alfredo
(1000+ posts)
Send PM |
Profile |
Ignore
|
Wed Feb-09-05 12:15 AM
Response to Reply #3 |
4. I went to the Verizon site and found that there is no way |
|
for a non customer to contact them on such issues. I may have missed it, but if it is there it isn't well marked. It appears they don't want contact with anyone that isn't filling their till.
|
McKenzie
(1000+ posts)
Send PM |
Profile |
Ignore
|
Wed Feb-09-05 03:31 AM
Response to Reply #4 |
|
Edited on Wed Feb-09-05 03:38 AM by McKenzie
Probably best to just gently point out that you seem to have had odd activity on your network from someone who seems to be using an IP off what seems to be a netblock allocated to them. Give them the date/time details from your honeypot log so they can then look in their server logs.
OrgAbuseHandle: VISAB-ARIN OrgAbuseName: VIS Abuse OrgAbusePhone: +1-214-513-6711 OrgAbuseEmail: abuse@verizon.net
edit: spelling
|
alfredo
(1000+ posts)
Send PM |
Profile |
Ignore
|
Wed Feb-09-05 12:08 PM
Response to Reply #5 |
|
Edited on Wed Feb-09-05 12:16 PM by alfredo
the link. Will do.
Just did it.
|
DU
AdBot (1000+ posts) |
Sat May 04th 2024, 10:38 PM
Response to Original message |