RE: [Sheflug] Re: Security : Port scanning
> -----Original Message-----
> From: Richard Ibbotson [mailto:richard [at] sheflug.co.uk]
> Sent: 08 May 2003 10:28
> To: shef-lug [at] list.sheflug.org.uk
> Subject: [Sheflug] Re: Security : Port scanning
>
>
> Chris
>
>
> > My own logs are much worse than this :)
>
>
> In reply to myself and an example of what was happening at 10.15 this
> morning.... I was being scanned from .... 217.228.102.98.... dig
> -x reveals....
>
>
> ; <<>> DiG 9.2.2 <<>> -x 217.228.102.98
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45520
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5
>
> ;; QUESTION SECTION:
> ;98.102.228.217.in-addr.arpa. IN PTR
>
> ;; ANSWER SECTION:
> 98.102.228.217.in-addr.arpa. 86024 IN PTR pD9E46662.dip.t-dialin.net.
>
> ;; AUTHORITY SECTION:
> 102.228.217.in-addr.arpa. 86024 IN NS dns01.btx.dtag.de.
> 102.228.217.in-addr.arpa. 86024 IN NS dns04.btx.dtag.de.
> 102.228.217.in-addr.arpa. 86024 IN NS dns51.t-ipnet.de.
> 102.228.217.in-addr.arpa. 86024 IN NS pns.dtag.de.
> 102.228.217.in-addr.arpa. 86024 IN NS techfac.techfak.uni-bielefeld.de.
>
> ;; ADDITIONAL SECTION:
> dns01.btx.dtag.de. 3823 IN A 194.25.2.130
> dns04.btx.dtag.de. 3823 IN A 194.25.2.133
> dns51.t-ipnet.de. 3823 IN A 217.5.100.186
> pns.dtag.de. 2213 IN A 194.25.0.125
> techfac.techfak.uni-bielefeld.de. 462 IN A 129.70.132.100
>
> ;; Query time: 90 msec
> ;; SERVER: 194.247.47.47#53(194.247.47.47)
> ;; WHEN: Thu May 8 10:18:07 2003
> ;; MSG SIZE rcvd: 306
>
>
>
>
> What this probably means is that someone else is using someone's
> connection at home or in the office without the owner knowing about
> it. Making a claim that a certain company or individual is doing it
> is wrong because it's frequently the case that this is not so. You
> normally find that the person's computer is being used from somewhere
> like the U.S. or Japan or Taiwan by a remote operator.
>
Just out of curiosity, how did you come to that conclusion?
(I don't fully understand the methods behind the hijacking / spoofing
bit, so any info would be useful).
TIA,
--
David
___________________________________________________________________
Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html
GNU the choice of a complete generation.