Project Black Water

The following IP addresses were caught in one of my honeypots uploading malicious software. Oftentimes they attacked the server several times with the same sample. Below are the IP addresses logged by the honeypot uploading malicious code. These IPs should be blocked by your firewall and perhaps your DMZ. You should also search your logs for these addresses.

Reporting Period Covered: 20-01-23 to 2010-02-01

