Honeypot hit?

I got this system warning earlier today:


Honeypot hit detected from 192.168.1.197

 1c:91:80:eb:41:63

Today at 7:51


When I check the MAC address this comes up:


Result for: 1C:91:80:EB:41:63
Address Prefix: 1C:91:80
Vendor / Company: Apple, Inc.
Start Address: 1C9180000000
End Address: 1C9180FFFFFF
Company Address: 1 Infinite Loop Cupertino Ca 95014 Us


Infinite Loop is an Apple Store or reseller of some kind. Should I be worried?


Feedback will be greatly appreciated!

MacBook Air

Posted on Jul 3, 2022 04:07 AM

3 replies

Jul 3, 2022 12:20 PM in response to perfriberg

The media access control (MAC, as differentiated from Mac, the computer brand) address shown for 192.168.1.197 is from a block assigned to Apple, or is being spoofed. MAC addresses are routinely spoofed.


As mentioned above, what happened here is not reported in what was posted, past a source IP either involved or spoofed, and a MAC address involved or spoofed.


So… not much to go on. Check with the honeypot doc, vendor, and/or support folks for what actually happened here.


As for running a honeypot, how effective this one might be at differentiating nefarious activity is unclear. And how much time you want to spend monitoring and filtering and re-configuring to tune the reports and/or to improve filtering of spurious or benign activity, too.
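An added example, not part of the original thread: one way to triage the alert locally is to decode the reported MAC (vendor prefix, block range, and the locally-administered bit that marks a software-assigned address) and check which MAC the local ARP cache currently holds for the reported IP. The `arp -a` text below is a constructed sample in macOS format, and all function names are hypothetical.

```python
import re

# Values reported in the post above.
ALERT_IP = "192.168.1.197"
ALERT_MAC = "1c:91:80:eb:41:63"

# Constructed sample of `arp -a` output (macOS drops leading zeros in octets).
SAMPLE_ARP = """\
? (192.168.1.1) at 0:11:22:33:44:55 on en0 ifscope [ethernet]
? (192.168.1.197) at 1c:91:80:eb:41:63 on en0 ifscope [ethernet]
? (192.168.1.42) at (incomplete) on en0 ifscope [ethernet]
"""

def normalize_mac(mac):
    """Return a MAC as six zero-padded lowercase octets joined by ':'."""
    parts = re.split(r"[:-]", mac.strip())
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", p) for p in parts):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(p.zfill(2).lower() for p in parts)

def describe_mac(mac):
    """Split a MAC into its 24-bit vendor prefix, block range and flag bits."""
    octets = [int(p, 16) for p in normalize_mac(mac).split(":")]
    prefix = "".join(f"{o:02X}" for o in octets[:3])
    return {
        "oui": ":".join(f"{o:02X}" for o in octets[:3]),
        "range_start": prefix + "000000",
        "range_end": prefix + "FFFFFF",
        # Bit 0x02 of the first octet set: address was assigned in software.
        "locally_administered": bool(octets[0] & 0x02),
        "multicast": bool(octets[0] & 0x01),
    }

def parse_arp(text):
    """Map IP -> (normalized MAC, interface), skipping unresolved entries."""
    table = {}
    for line in text.splitlines():
        m = re.match(r"\S+ \((\d+\.\d+\.\d+\.\d+)\) at (\S+) on (\S+)", line)
        if not m:
            continue
        try:
            table[m.group(1)] = (normalize_mac(m.group(2)), m.group(3))
        except ValueError:  # e.g. "(incomplete)"
            continue
    return table

def check_alert(ip, mac, arp_text):
    """Compare the alert's IP/MAC pair with what the ARP cache holds."""
    entry = parse_arp(arp_text).get(ip)
    if entry is None:
        return "no-arp-entry"
    return "match" if entry[0] == normalize_mac(mac) else "mismatch"
```

A "match" only shows which address currently answers for that IP on the LAN; as the reply notes, a MAC inside a vendor's block can still be a copied value, so the router's DHCP lease table and the honeypot's own logs remain the better evidence.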
