Re: Odd source IP for a scan
From: David Goddard (dmg@procopia.com)
Date: 06/13/01
- Next message: Kris Kennaway: "Re: Compiling untrusted source -- what are the risks?"
- Previous message: Brian Behlendorf: "Re: OT: FTP almost gone now? (was: Re: IPFW almost works now.)"
- In reply to: Alex Holst: "Re: Odd source IP for a scan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 13 Jun 2001 20:47:30 +0100 From: David Goddard <dmg@procopia.com> To: Alex Holst <a@area51.dk>
Alex Holst wrote:
> What's spoofed? Whoever owns 66.22.30.76 has told their DNS server to return
> "host.domain.com" when asked for a hostname.
> Query about 66.22.30.76 for record types PTR
> Name: host.domain.com
> Address: 66.22.30.76
Doh. Right - didn't occur to me. Should have done a whois first I
guess. Looks like these guys have that for the entire netblock. My
assumption was that host.domain.com really did exist and its IP was
chosen to be the default in some tool. Better mail them and let them
know they have a possible problem :-)
Thanks (and sorry for the b/w wastage),
Dave
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Next message: Kris Kennaway: "Re: Compiling untrusted source -- what are the risks?"
- Previous message: Brian Behlendorf: "Re: OT: FTP almost gone now? (was: Re: IPFW almost works now.)"
- In reply to: Alex Holst: "Re: Odd source IP for a scan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
