Security Incidents mailing list archives
Hiding IP addresses in trace data
From: John Kristoff <jtk () depaul edu>
Date: Mon, 21 Oct 2002 09:55:12 -0500
Too often it seems that people are attempting to hide their IP address by masking the obvious dotted decimal notated number in various trace data. If you really care about not disclosing your IP address, be sure to also mask the hex data in the traces you send to public lists like this one. ...and hiding only two octets is not enough as long as the IP checksum remains in the trace data. John ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- a different, stranger port 137 activity Wisniewski, Michael (Oct 18)
- Re: a different, stranger port 137 activity H C (Oct 20)
- Hiding IP addresses in trace data John Kristoff (Oct 21)
- Re: Hiding IP addresses in trace data Jose Nazario (Oct 21)
- Re: Hiding IP addresses in trace data Russell Fulton (Oct 21)
- Re: Hiding IP addresses in trace data Jose Nazario (Oct 21)
- <Possible follow-ups>
- Re: a different, stranger port 137 activity daniele.muscetta (Oct 24)