Thiago Conde Figueiró wrote: > On Wed, 29 Jan 2003 21:46:53 +1100 > Michael Rowe <mroweat_private> wrote: > > MR> I received a packet on my cable modem today, allegedly from > MR> microsoft.com: > (snip) > > MR> $ host 207.46.249.190 > MR> Name: www.domestic.microsoft.com > MR> Address: 207.46.249.190 > MR> Aliases: microsoft.com microsoft.net www.us.microsoft.com > > One should not trust reverse DNS for identification. The > administrator for 249.46.207.in-addr.arpa could spoof that response. > Very true. > I'm not saying the packet didn't come from there, as I didn't bother > checking. But that verification should be done with the proper > authority (whois @internic.net, perhaps?). > #whois 207.46.249.190 OrgName: Microsoft Corp OrgID: MSFT NetRange: 207.46.0.0 - 207.46.255.255 CIDR: 207.46.0.0/16 NetName: MICROSOFT-GLOBAL-NET NetHandle: NET-207-46-0-0-1 Parent: NET-207-0-0-0-0 NetType: Direct Assignment (snip) That answers that question very quickly. --Rich _________________________________________________________ Rich Puhek ETN Systems Inc. 2125 1st Ave East Hibbing MN 55746 tel: 218.262.1130 email: rpuhekat_private _________________________________________________________ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu Jan 30 2003 - 10:21:46 PST