WormRadar Node Volunteers Help Graph Attacks
zoombat writes "NTBugtraq has a post looking for volunteers to run WormRadar nodes. The nodes are essentially honeypots that watch for suspicious activity. Its purpose is to both measure the frequency of known, current worms and to alert us all when something new becomes active. A graph (updated every 30 minutes) shows what was detected. Currently it looks like only a Windows client is available, though."
And, as it says in the article, u137unk is aimed at port 137 using UDP. NetBIOS request en masse. Over the internet? Why does this not make sense? Maybe all those exploits are Messenger spams? However, iirc, Messenger spam uses a different port and TCP. So if this is not Messenger spam... Then what?
Hate me!
I thought honeypotting is being considerd as not-so-legal.
Why would you say that? It certainly isn't entrapment. If you leave your house windows open, it doesn't give thieves permission to steal.
And a burglar can't complain that you have video cameras all over the house recording them while you call the cops.
In Texas & many other states, you could blow them away with a shotgun and get cheers in the local paper.