Full Disclosure: Re: Ford Motors IT Contact

Re: Ford Motors IT Contact

From: Simon Smith <simon () snosoft com>
Date: Tue, 27 May 2008 16:27:15 -0400

Indeed, that is the IP address.

        That IP address appears to be bound to some sort of a VPN system for 
ford. Perhaps its infected VPN users?

Michael Holstein wrote:

In response to them still being infected with sql slammer and it 
probing my networks regularly.

Let me guess .. it's 136.1.7.55 ?

Here's what I get (from ford) every time that IP pops up in our 
automated abuse report ..

--snip--

Our investigation into this matter has determined that the recent onset
of attacks from this IP is the result of the IP being forged by an
external party.  External parties will commonly use IP addresses that
belong to large organizations to mask network traffic.

--snip--

Cheers,

Michael Holstein
Cleveland State University


-- 

- simon

----------------------
http://www.snosoft.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

Ford Motors IT Contact Simon Smith (May 27)
- Re: Ford Motors IT Contact Stack Smasher (May 27)
  - Re: Ford Motors IT Contact Valdis . Kletnieks (May 27)
- Re: Ford Motors IT Contact Gary Wilson (May 27)
  - Re: Ford Motors IT Contact Nate McFeters (May 27)
    - Re: Ford Motors IT Contact Simon Smith (May 27)
    - Re: Ford Motors IT Contact Anders B Jansson (May 27)
    - Re: Ford Motors IT Contact Bruce Ediger (May 27)
    - Re: Ford Motors IT Contact Michael Holstein (May 27)
    - Re: Ford Motors IT Contact Ray P (May 27)
    - Re: Ford Motors IT Contact Simon Smith (May 27)