Look what I caught

in my honeypot

21:03:35


• Detected IP :

- 138.88.108.119:27374 pool-138-88-108-119.res.east.verizon.net Bad Blood, Ramen, Seeker, Subseven, Subseven 2.1 Gold, Subseven 2.1.4 Defcon 8, Subseven Muie, Ttfloader 18:58:03.

Network security provided by HoneyPotX 2.5, coded by DCHKG, active member of the Underground Mac Programming Team.

How should I handle this attack? My ISP can't do much, but should I contact Verison? Will that do any good?

BTW, what is your impression of HoneyPotX? I'm a new iMac user and will take any advise available. Many years on windoze, but just got tired of the hassle with M$.

It hasn't caused any trouble, and seems to catch whatever seems to come my way.

The attack may have come from someone's computer that is being used as a zombie.

I have contacted everyone on my mail list that uses Verizon.

even if it's a case of someone using their server as a proxy the sysadmin will want to know who is bouncing through. Doubt if it's a proxy though - a savvy hacker wouldn't use a US proxy unless as part of a chain. Even then it wouldn't be at either end of the chain, it'd be in the middle.

If the same IP comes back send them a PING request off your own IP. The PING will probably time out because the hacker will be behind a firewall of the type that drops the packets without sending a "blocked port" msg back. However, if it's a script kiddy with a script kit he/she will get a fright if they suss that the target IP has spotted them. If it is their own IP they're using though, they are either bloody stupid or total script kiddies.

for a non customer to contact them on such issues. I may have missed it, but if it is there it isn't well marked. It appears they don't want contact with anyone that isn't filling their till.

Probably best to just gently point out that you seem to have had odd activity on your network from someone who seems to be using an IP off what seems to be a netblock allocated to them. Give them the date/time details from your honeypot log so they can then look in their server logs.

OrgAbuseHandle: VISAB-ARIN
OrgAbuseName: VIS Abuse
OrgAbusePhone: +1-214-513-6711
OrgAbuseEmail: abuse@verizon.net

edit: spelling

the link. Will do.

Just did it.