Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Security Incidents: Re: Traffic from microsoft.com ?

Re: Traffic from microsoft.com ?

From: Bjorn Djupvik <bjorn.djupvik_at_globalone.net>
Date: Sun, 1 Jul 2001 22:47:12 +0200

I can make any IP delegated to me resolve to whatever I want, including
microsoft.com. Its the way reverse dns works, so the guy scanning you
probably made the ip resolve to microsoft.com to try and spoof the scan. Try
resolving microsoft.com and see if it resolves back to the ip, if it doesnt
then its obviously a fake.

Regards,
Bjorn

----- Original Message -----
From: "Peter Bates" <Peter.Bates_at_lshtm.ac.uk>

> Was this just the sign of a big spoofed scan, but if so, how come I can't
see
> any indication of an IP address that doesn't resolve to microsoft.com?

----------------------------------------------------------------------------

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:

http://aris.securityfocus.com
Received on Jul 01 2001

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos