[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Sheflug] Re: Security : Port scanning

To: <shef-lug [at] xxxxxxxxxxxxxxxxxxx>
Subject: RE: [Sheflug] Re: Security : Port scanning
From: "Morris, David (Allvac, UK)" <david [at] xxxxxxxxxxxx>
Date: Thu, 8 May 2003 05:52:43 -0400
Delivered-to: shef-lug [at] list.sheflug.org.uk
List-help: <mailto:shef-lug-request [at] list.sheflug.org.uk?subject=help>
List-id: Sheflug <shef-lug.list.sheflug.org.uk>
List-post: <mailto:shef-lug [at] list.sheflug.org.uk>
List-subscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=subscribe>
List-unsubscribe: <http://community.uklinux.net/mailman/listinfo/shef-lug>,<mailto:shef-lug-request [at] list.sheflug.org.uk?subject=unsubscribe>
Reply-to: shef-lug [at] xxxxxxxxxxxxxxxxxxx
Sender: shef-lug-admin [at] xxxxxxxxxxxxxxxxxxx
Thread-index: AcMVRKUHb5mdOW0aT86y4xrr7k6o0AAAjL+g
Thread-topic: [Sheflug] Re: Security : Port scanning


> -----Original Message-----
> From: Richard Ibbotson [mailto:richard [at] sheflug.co.uk] 
> Sent: 08 May 2003 10:28
> To: shef-lug [at] list.sheflug.org.uk
> Subject: [Sheflug] Re: Security : Port scanning
> 
> 
> Chris
> 
> 
> > My own logs are much worse than this :)
> 
> 
> In reply to myself and example of what was happening at 10.15 this 
> morning....  I was being scanned from ....   217.228.102.98....  dig 
> -x reveals....
> 
> 
> ; <<>> DiG 9.2.2 <<>> -x 217.228.102.98
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45520
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5
> 
> ;; QUESTION SECTION:
> ;98.102.228.217.in-addr.arpa.   IN      PTR
> 
> ;; ANSWER SECTION:
> 98.102.228.217.in-addr.arpa. 86024 IN   PTR     
> pD9E46662.dip.t-dialin.net.
> 
> ;; AUTHORITY SECTION:
> 102.228.217.in-addr.arpa. 86024 IN      NS      dns01.btx.dtag.de.
> 102.228.217.in-addr.arpa. 86024 IN      NS      dns04.btx.dtag.de.
> 102.228.217.in-addr.arpa. 86024 IN      NS      dns51.t-ipnet.de.
> 102.228.217.in-addr.arpa. 86024 IN      NS      pns.dtag.de.
> 102.228.217.in-addr.arpa. 86024 IN      NS      
> techfac.techfak.uni-bielefeld.de.
> 
> ;; ADDITIONAL SECTION:
> dns01.btx.dtag.de.      3823    IN      A       194.25.2.130
> dns04.btx.dtag.de.      3823    IN      A       194.25.2.133
> dns51.t-ipnet.de.       3823    IN      A       217.5.100.186
> pns.dtag.de.            2213    IN      A       194.25.0.125
> techfac.techfak.uni-bielefeld.de. 462 IN A      129.70.132.100
> 
> ;; Query time: 90 msec
> ;; SERVER: 194.247.47.47#53(194.247.47.47)
> ;; WHEN: Thu May  8 10:18:07 2003
> ;; MSG SIZE  rcvd: 306
> 
> 
> 
> 
> What this probably means is that someone else is using someones 
> connection at home or in the office without the owner knowing about 
> it.  Making a claim that a certain company or individual is doing it 
> is wrong because it's frequently the case that this is not so.  You 
> normally find that the persons computer is being used from somewhere 
> like the U.S or Japan or Taiwan by a remote operator.
> 

Just out of curiosity, how did you come to that conclusion?

(I don't fully understand the methods behind the hijacking / spoofing
bit, so any info would be useful).

TIA,

-- 
David
___________________________________________________________________

Sheffield Linux User's Group -
http://www.sheflug.co.uk/mailfaq.html

  GNU the choice of a complete generation.

Follow-Ups:
- RE: [Sheflug] Re: Security : Port scanning
  - From: Chris J
- [Sheflug] Re: Security : Port scanning
  - From: Richard Ibbotson

Prev by Date: [Sheflug] Re: Security : Port scanning
Next by Date: RE: [Sheflug] Re: Security : Port scanning
Previous by thread: Re: [Sheflug] Synchronising local files
Next by thread: RE: [Sheflug] Re: Security : Port scanning
Index(es):
- Date
- Thread