Date: Wed, 13 Jun 2001 20:47:30 +0100
From: David Goddard <dmg@procopia.com>
To: Alex Holst <a@area51.dk>
Cc: freebsd-security@freebsd.org
Subject: Re: Odd source IP for a scan
Message-ID: <3B27C352.2FDA5007@procopia.com>
References: <3B27AACB.D8BC13F@procopia.com> <20010613203329.A13593@area51.dk>

Alex Holst wrote:

> What's spoofed? Whoever owns 66.22.30.76 has told their DNS server to return
> "host.domain.com" when asked for a hostname.
>
> Query about 66.22.30.76 for record types PTR
> Name: host.domain.com
> Address: 66.22.30.76

Doh. Right - didn't occur to me. Should have done a whois first I guess. Looks like these guys have that for the entire netblock.

My assumption was that host.domain.com really did exist and its IP was chosen to be the default in some tool.

Better mail them and let them know they have a possible problem :-)

Thanks (and sorry for the b/w wastage),

Dave

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
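
Added example, not part of the original message: a forward-confirmed reverse DNS check that tells a PTR name the address owner merely assigned apart from one that resolves back to the same address, plus a pass that finds one PTR name shared across several addresses, as in the netblock discussed above. All function names are hypothetical; the sample tables are constructed, and only 66.22.30.76 and host.domain.com come from the thread.

```python
import socket

def reverse_lookup(ip):
    """PTR name for ip from the live resolver, or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def forward_lookup(name):
    """Set of addresses the name resolves to (empty on failure)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def classify_ptr(ip, reverse=reverse_lookup, forward=forward_lookup):
    """Return (verdict, name): a PTR name is only 'confirmed' when the
    name resolves back to the same address."""
    name = reverse(ip)
    if not name:
        return ("no-ptr", None)
    name = name.rstrip(".")
    if ip in forward(name):
        return ("confirmed", name)
    return ("unconfirmed", name)

def shared_ptr_names(ips, reverse=reverse_lookup):
    """PTR names returned for more than one address (netblock-wide placeholders)."""
    by_name = {}
    for ip in ips:
        name = reverse(ip)
        if name:
            by_name.setdefault(name.rstrip("."), []).append(ip)
    return {n: a for n, a in by_name.items() if len(a) > 1}

# Constructed sample data so the example runs offline (assumption: the
# neighbouring address and the mail.example.org entry are made up).
SAMPLE_PTR = {"66.22.30.76": "host.domain.com", "66.22.30.77": "host.domain.com",
              "192.0.2.25": "mail.example.org."}
SAMPLE_A = {"mail.example.org": {"192.0.2.25"}}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip)

def sample_forward(name):
    return SAMPLE_A.get(name, set())

if __name__ == "__main__":
    for ip in sorted(SAMPLE_PTR):
        print(ip, classify_ptr(ip, sample_reverse, sample_forward))
    print(shared_ptr_names(SAMPLE_PTR, sample_reverse))
```

Calling classify_ptr(ip) with no resolver arguments uses the system resolver instead of the sample tables.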