


Security Incidents: Re: Traffic from microsoft.com ?

Re: Traffic from microsoft.com ?

From: Peter Bates <Peter.Bates_at_lshtm.ac.uk>
Date: Mon, 02 Jul 2001 00:21:02 +0100

Hello all...

>Well. If the IPs were from 207.46.x.x they were MSFT:

> Netname: MICROSOFT-GLOBAL-NET
> Netblock: 207.46.0.0 - 207.46.255.255

Indeed, I should have said that the IP addresses I did in fact
see were all in the 207.46.x.x range, although admittedly I hadn't
thought to try doing a reverse lookup or a whois search on them.

>My guess is that someone set up a few hundred clients to connect to
>MSFT-servers with a fake source-ip. So all the replies went to "random"
>destinations - and Peter Bates' network just happened to be in the
>attacker's "source-range".

I think this does indeed sound highly probable... not very pleasing
news, necessarily, but I suppose more pleasant than knowing the
traffic was the result of a genuine DDoS emanating from my network!

Thanks...

-------------------------------------------------------------------------------------------------------------------->
Peter Bates, Systems Support Officer, Network Support Team.
London School of Hygiene & Tropical Medicine.
Telephone:0207-927 2124 / Fax: 0207-436 5389 / Pager: 07625 255362

----------------------------------------------------------------------------

This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:

http://aris.securityfocus.com
Received on Jul 02 2001
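
The spoofed-source explanation discussed in this message can be checked from the receiving network by looking for reply packets from the 207.46.0.0/16 netblock that no local host asked for. The following is an added example, not part of the original thread; the record layout, the set of reply flags, the 30-second window and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Netblock quoted in the thread (MICROSOFT-GLOBAL-NET).
MS_NET = ipaddress.ip_network("207.46.0.0/16")
# Assumption: the stray traffic is TCP replies (SYN-ACK, RST, RST-ACK).
REPLY_FLAGS = {"SA", "R", "RA"}

# Constructed sample records, not real traffic:
# (time_s, direction, local_ip, local_port, remote_ip, remote_port, tcp_flags)
SAMPLE = [
    (1.0, "out", "192.0.2.10", 40001, "207.46.1.5", 80, "S"),
    (1.1, "in", "192.0.2.10", 40001, "207.46.1.5", 80, "SA"),     # solicited reply
    (2.0, "in", "192.0.2.77", 1234, "207.46.2.9", 80, "SA"),      # nobody sent a SYN
    (2.1, "in", "192.0.2.78", 4321, "207.46.2.9", 80, "RA"),      # nobody sent a SYN
    (3.0, "in", "192.0.2.10", 40002, "198.51.100.7", 443, "SA"),  # outside the netblock
    (4.0, "in", "192.0.2.10", 40003, "207.46.1.5", 80, "S"),      # inbound SYN, not a reply
]

def find_backscatter(records, net=MS_NET, window=30.0):
    """Return inbound replies from `net` that no recent outbound SYN explains."""
    syn_seen = {}  # (local, lport, remote, rport) -> time of last outbound SYN
    hits = []
    for rec in sorted(records):  # process in time order
        t, direction, local, lport, remote, rport, flags = rec
        key = (local, lport, remote, rport)
        if direction == "out" and flags == "S":
            syn_seen[key] = t
        elif (direction == "in" and flags in REPLY_FLAGS
              and ipaddress.ip_address(remote) in net):
            sent = syn_seen.get(key)
            # No matching SYN, or one too old to account for this reply.
            if sent is None or t - sent > window:
                hits.append(rec)
    return hits

def targets(hits):
    """Count unsolicited replies per local address."""
    return Counter(rec[2] for rec in hits)

if __name__ == "__main__":
    hits = find_backscatter(SAMPLE)
    for rec in hits:
        print("unsolicited reply:", rec)
    print("per local address:", dict(targets(hits)))
```

Unsolicited replies spread across many local addresses, including ones with no live host, fit the spoofed-source explanation; replies that all match recent outbound SYNs from one machine would instead point at a local source.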
