Re: Spider with improbable IP address
From: insecure (insecure_at_ameritech.net)
Date: 10/15/04
- Previous message: Scott Fuhriman: "RE: 1,800 files missing from system32"
- In reply to: Ed Wittmann: "Spider with improbable IP address"
- Next in thread: Bennett Todd: "Re: Spider with improbable IP address"
Date: Fri, 15 Oct 2004 12:27:47 -0500
To: Ed Wittmann <wittmann@sae.org>
There's no reason that an IP address like that wouldn't be perfectly
valid, no matter what the first three octets contain. This has been true
for at least a decade.
Read up on CIDR and RFC1519 (http://www.faqs.org/rfcs/rfc1519.html).
Ed Wittmann wrote:
>A server I help maintain is currently being spidered, which is not so
>unusual - however, I note that the address the spider is coming from
>seems weird:
>
>xxx.xxx.xxx.0
>
>
>Now, I was under the assumption that you can't send and receive on this
>address - but the requests come in here, and they're clearly going back
>out here. The weblogs show this address.
>
>Could someone cure my ignorance? Is this spoofing? It doesn't seem like
>source spoofing since the reply is clearly going back to the same IP
>address.
>
>
>
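The CIDR point made in the reply above, as an added example that is not part of the original message: whether an address ending in .0 or .255 is a network address, a broadcast address or an ordinary host depends on the prefix length of the block it sits in. The sample addresses are constructed from the 203.0.113.0/24 documentation range, and `classify` and `host_prefixes` are hypothetical helper names.

```python
import ipaddress


def classify(addr: str, prefixlen: int) -> str:
    """Role of addr inside the /prefixlen block that contains it."""
    iface = ipaddress.ip_interface(f"{addr}/{prefixlen}")
    net = iface.network
    if prefixlen >= 31:
        # /31 point-to-point links (RFC 3021) and /32 host routes
        # reserve no network or broadcast address.
        return "host"
    if iface.ip == net.network_address:
        return "network"
    if iface.ip == net.broadcast_address:
        return "broadcast"
    return "host"


def host_prefixes(addr: str) -> list[int]:
    """Prefix lengths from /8 to /30 under which addr is an ordinary host."""
    return [p for p in range(8, 31) if classify(addr, p) == "host"]


# Constructed sample: source addresses as they might appear in a web log.
SAMPLE_SOURCES = ["203.0.113.0", "203.0.113.255", "203.0.112.0"]

if __name__ == "__main__":
    for src in SAMPLE_SOURCES:
        usable = host_prefixes(src)
        print(f"{src}: ordinary host under /{usable[0]} through /{usable[-1]}")
```

The remote site's prefix length is not visible from a web log, so a .0 source address on its own says nothing about spoofing.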