On Wed, 29 Jan 2003 21:46:53 +1100
Michael Rowe <mroweat_private> wrote:

MR> I received a packet on my cable modem today, allegedly from
MR> microsoft.com:
(snip)
MR> $ host 207.46.249.190
MR> Name: www.domestic.microsoft.com
MR> Address: 207.46.249.190
MR> Aliases: microsoft.com microsoft.net www.us.microsoft.com

One should not trust reverse DNS for identification. The administrator
for 249.46.207.in-addr.arpa could spoof that response. I'm not saying
the packet didn't come from there, as I didn't bother checking. But
that verification should be done with the proper authority (whois
@internic.net, perhaps?).

MR> Is this some sort of known "attack"? Or just random weirdness?

I see no known pattern, but that could be explained, as you said, by
several random activities. For example, someone could have spoofed a
SYN with your IP as source.

Let's see what other people have to say. :)

Regards,

--
Thiago Figueiró
Infrastructure
Cipher Technology
www.ciphertech.com.br
_______________________________________________
"IT Security - A Cipher Technology specialty"

disclaimer: the opinions in this message are my own and do not
represent my employer's view.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
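An added example, not part of the original message: a forward-confirmed reverse DNS check, which shows why a PTR answer alone identifies nothing. The function names and the sample records (documentation addresses in 192.0.2.0/24 and example.com) are constructed for illustration.

```python
import ipaddress
import socket


def ptr_names(ip):
    """PTR names for ip from the system resolver (needs network)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases


def forward_addrs(name):
    """Addresses that name resolves to (needs network)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def forward_confirmed(ip, reverse=ptr_names, forward=forward_addrs):
    """Split the PTR names of ip into (confirmed, unconfirmed).

    A name is confirmed only if its forward lookup, answered by the zone
    that owns the name, contains ip. The PTR record is answered by
    whoever runs the in-addr.arpa zone and can claim any name at all.
    """
    target = ipaddress.ip_address(ip)
    confirmed, unconfirmed = [], []
    for name in reverse(ip):
        name = name.rstrip(".").lower()
        addrs = {ipaddress.ip_address(a) for a in forward(name)}
        (confirmed if target in addrs else unconfirmed).append(name)
    return confirmed, unconfirmed


# Constructed records: both addresses carry the same PTR name, but only
# one of them is listed by the zone that actually owns that name.
SAMPLE_PTR = {"192.0.2.10": ["www.example.com."],
              "192.0.2.66": ["www.example.com."]}
SAMPLE_A = {"www.example.com": {"192.0.2.10"}}


def sample_check(ip):
    """Run the check offline against the constructed records above."""
    return forward_confirmed(ip,
                             reverse=lambda i: SAMPLE_PTR.get(i, []),
                             forward=lambda n: SAMPLE_A.get(n, set()))
```

A confirmed name only shows that forward and reverse DNS agree; it does not show that a packet's source address was genuine, and who holds the address block is still a question for the registry's whois.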
This archive was generated by hypermail 2b30 : Wed Jan 29 2003 - 15:22:18 PST