Date: Sun, 23 Jun 1996 23:50:09 -0400 (EDT) From: jaeger <jaeger@com> To: Bradley Dunn <dunn@harborcom.net> Cc: hackers@FreeBSD.org, security@FreeBSD.org Subject: Re: I need help on this one - please help me track this guy Message-ID: <Pine.LNX.3.91.960623234740.13380A-100000@dhp.com> In-Reply-To: <199606240335.XAA28034@ns2.harborcom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 23 Jun 1996, Bradley Dunn wrote: > The traceroute results do not indicate any DNS tampering. Traceroute > looks up 127.0.0.1 using gethostbyaddr(), which then uses whatever > address-to-name translation system you have running > (eg /etc/hosts,NIS,DNS). I would certainly hope your translation > sytem reports localhost for 127.0.0.1. :) Whoops! I think I should cut back on the caffeine...;> > > It does indicate that there is something over there that reports its > IP address as 127.0.0.1. Perhaps it is some funky terminal server > hardware. Maybe it returns 127.0.0.1 when it knows that it is > responsible for the particular IP being traced, but that IP isn't > currently assigned? > > To test this, I tried tracing to some of the other hosts that would > be in this pool. For example, a230.pu.ru, a231.pu.ru, etc... Some > of the other ones returned this as well. So my guess would be it > was a dialup dynamic IP account, and the terminal server sends > the packets to its loopback interface if the IP isn't assigned. > I've never encountered this behavior before. Does anyone know what make or model of hardware this might be? > Bradley Dunn <dunn@harborcom.net> > -jaeger
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.3.91.960623234740.13380A-100000>