From: Alex Holst
To: freebsd-security@freebsd.org
Date: Wed, 13 Jun 2001 20:33:29 +0200
Subject: Re: Odd source IP for a scan
Message-ID: <20010613203329.A13593@area51.dk>
In-Reply-To: <3B27AACB.D8BC13F@procopia.com>; from dmg@procopia.com on Wed, Jun 13, 2001 at 07:02:51PM +0100

Quoting David Goddard (dmg@procopia.com):
> 66.22.30.76 resolves to host.domain.com - my guess is that it's some
> hacking tool and the script kiddie has not bothered to change the
> spoofing from the default.

What's spoofed? Whoever owns 66.22.30.76 has told their DNS server to return
"host.domain.com" when asked for a hostname.

Query about 66.22.30.76 for record types PTR
Name: host.domain.com
Address: 66.22.30.76

-- 
I prefer the dark of the night, after midnight and before four-thirty,
when it's more bare, more hollow.                  http://a.area51.dk/
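Added example, not part of the original message: because the owner of an address block chooses what its PTR records say, a hostname seen in a log is only trustworthy if a forward lookup of that name returns the same address. The sketch below classifies a PTR answer that way; the function names, the sample tables and every forward answer in them are assumptions constructed for illustration, and only the 66.22.30.76 -> host.domain.com mapping comes from the message.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; [] when no record exists."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:  # covers socket.herror and socket.gaierror
        return []

def system_forward(name):
    """A/AAAA lookup through the system resolver; empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def classify_ptr(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (status, names): 'no-ptr', 'confirmed' or 'unconfirmed'."""
    addr = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no-ptr", []
    for name in names:
        for candidate in forward_lookup(name):
            try:
                if ipaddress.ip_address(candidate) == addr:
                    return "confirmed", names
            except ValueError:
                continue  # e.g. a scoped IPv6 literal the parser rejects
    # The PTR exists, but only the owner of the IP vouches for the name.
    return "unconfirmed", names

# Constructed resolver data so the example runs offline. Only the first PTR
# mapping appears in the message; the forward answers are made up.
SAMPLE_PTR = {"66.22.30.76": ["host.domain.com"], "192.0.2.10": ["mail.example.net"]}
SAMPLE_FWD = {"host.domain.com": {"203.0.113.5"}, "mail.example.net": {"192.0.2.10"}}

def sample_report():
    """Classify three constructed cases using the offline tables above."""
    ptr = lambda ip: SAMPLE_PTR.get(ip, [])
    fwd = lambda name: SAMPLE_FWD.get(name, set())
    ips = ("66.22.30.76", "192.0.2.10", "192.0.2.99")
    return {ip: classify_ptr(ip, ptr, fwd) for ip in ips}

if __name__ == "__main__":
    for ip, (status, names) in sample_report().items():
        print(f"{ip:15} {status:12} {', '.join(names) or '-'}")
```

Calling classify_ptr(ip) with no resolver arguments uses the system resolver instead of the constructed tables.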