Re: "Re: a fun new tool from us... & 'Today's occurances' "
Paul D. Robertson (proberts@clark.net)
Wed, 28 Apr 1999 10:09:20 -0400 (EDT)
On Tue, 27 Apr 1999, Philip S Holt, Security Engineer / Network Engineer wrote:
> Here's the deal.
> @ 16:40:05 BOF reports ... (mjr's little gem)
> FTP connection from 209.233.142.18 ...
> nslookup reveals that this is the University Of Washington.
Not on my system, but I prefer dig -
[[root@gargoyle root]# dig 18.142.233.209.in-addr.arpa any any | more
; <<>> DiG 8.1 <<>> 18.142.233.209.in-addr.arpa any any
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; 18.142.233.209.in-addr.arpa, type = ANY, class = ANY
;; ANSWER SECTION:
18.142.233.209.in-addr.arpa. 1h56m45s IN PTR adsl-209-233-142-18.dsl.lsan03.pacbell.net.
;; AUTHORITY SECTION:
142.233.209.in-addr.arpa. 1h56m45s IN NS ns1.pbi.net.
142.233.209.in-addr.arpa. 1h56m45s IN NS ns2.pbi.net.
;; ADDITIONAL SECTION:
ns1.pbi.net. 1d23h56m40s IN A 206.13.28.11
ns2.pbi.net. 1d23h56m40s IN A 206.13.29.11
Both authoritative servers return the same data.
Whois corroborates this:
[[root@gargoyle root]# whois 209.233.142.18@whois.arin.net
[whois.arin.net]
Pacific Bell Internet Services,Inc. (NETBLK-PBI-NET-5) PBI-NET-5
209.232.0.0 - 209.233.255.255
Donovan Williams (NETBLK-PBI-CUSTNET-6607) PBI-CUSTNET-6607
209.233.142.16 - 209.233.142.23
> @ the bottom of the nslookup entry - as follows:
> Name adsl-209-233-142-18-dsl.lsan03.pacbell.net
> Now, what exactly is the relationship between this entry (The dsl line
> @ pacbell) to that of my dial-up connection through US Worst?
If 209.233.142.18 is the IP address that showed up in your logs, then
that's the address the packets were launched from.
Maybe you've got some extraneous nameserver information from UW - though
as they're not authoritative for the domains in question, or maybe you're
misinterpreting the data.
FWIW, ns1.pbi.net and ns2.pbi.net show the same address, that's a no-no.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts@clark.net      which may have no basis whatsoever in fact."
                                                                     PSB#9280
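
Added example, not part of the original message: the same cross-check done offline in Python, matching the PTR answer to the logged address and finding the narrowest whois range that contains it. The sample text is copied from the dig and whois output quoted above; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample input: lines copied from the dig and whois output in the message.
DIG_ANSWER = """\
18.142.233.209.in-addr.arpa. 1h56m45s IN PTR adsl-209-233-142-18.dsl.lsan03.pacbell.net.
142.233.209.in-addr.arpa. 1h56m45s IN NS ns1.pbi.net.
142.233.209.in-addr.arpa. 1h56m45s IN NS ns2.pbi.net.
"""
WHOIS_TEXT = """\
Pacific Bell Internet Services,Inc. (NETBLK-PBI-NET-5) PBI-NET-5
209.232.0.0 - 209.233.255.255
Donovan Williams (NETBLK-PBI-CUSTNET-6607) PBI-CUSTNET-6607
209.233.142.16 - 209.233.142.23
"""
RANGE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s*-\s*(\d+\.\d+\.\d+\.\d+)\s*$")

def ptr_names(ip, dig_text):
    """Return PTR targets whose owner name is exactly the reverse name of ip."""
    owner = ipaddress.ip_address(ip).reverse_pointer + "."
    names = []
    for line in dig_text.splitlines():
        fields = line.split()
        # Record layout: owner, TTL, class, type, rdata
        if len(fields) >= 5 and fields[0].lower() == owner and fields[3] == "PTR":
            names.append(fields[4].rstrip("."))
    return names

def whois_blocks(whois_text):
    """Pair each 'first - last' range line with the holder line above it."""
    blocks, holder = [], None
    for line in whois_text.splitlines():
        m = RANGE.match(line)
        if m:
            first, last = (ipaddress.ip_address(g) for g in m.groups())
            blocks.append((holder, first, last))
        elif line.strip():
            holder = line.strip()
    return blocks

def most_specific_holder(ip, whois_text):
    """Return the holder of the smallest listed range containing ip, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [(int(last) - int(first), holder)
            for holder, first, last in whois_blocks(whois_text)
            if first <= addr <= last]
    return min(hits, key=lambda h: h[0])[1] if hits else None

if __name__ == "__main__":
    print(ptr_names("209.233.142.18", DIG_ANSWER))
    print(most_specific_holder("209.233.142.18", WHOIS_TEXT))
```

A PTR record is set by whoever operates the reverse zone, so the whois allocation is the stronger of the two signals when they disagree.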
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:18:23 CDT