|
Security Incidents
mailing list archives
Re: Traffic from microsoft.com ?
From: "Bjorn Djupvik" <bjorn.djupvik () globalone net>
Date: Sun, 1 Jul 2001 22:47:12 +0200
I can make any IP delegated to me resolve to whatever I want, including
microsoft.com. Its the way reverse dns works, so the guy scanning you
probably made the ip resolve to microsoft.com to try and spoof the scan. Try
resolving microsoft.com and see if it resolves back to the ip, if it doesnt
then its obviously a fake.
Regards,
Bjorn
----- Original Message -----
From: "Peter Bates" <Peter.Bates () lshtm ac uk>
Was this just the sign of a big spoofed scan, but if so, how come I can't
see
any indication of an IP address that doesn't resolve to microsoft.com?
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see:
http://aris.securityfocus.com
 By Date 
By Thread
Current thread:
| 
Intro
