On 19/03/2011 00:02, Alexander Bernauer wrote:
> I don't quite understand how any attacker is trapped by a honeypot
> that is publicly marked as being one. Furthermore, I don't know how
> this IRC bot is able to operate with mail and web ports only as my
> tor exit node is dropping everything else.

It is usually Windows boxes compromised by mebroot or torpig malware, trying to connect to their botnet control center via http. Some of the autogenerated CCC domains were precalculated and the domains registered by shadowserver, ISC.org and the like as sinkholes/honeypots.

Jan
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk