Security Incidents mailing list archives
Re: Packet from port 80 with spoofed microsoft.com ip
From: Thiago Conde Figueiró <thiago.figueiro () ciphertech com br>
Date: Wed, 29 Jan 2003 15:12:01 -0200
On Wed, 29 Jan 2003 21:46:53 +1100 Michael Rowe <mrowe () mojain com> wrote:

MR> I received a packet on my cable modem today, allegedly from
MR> microsoft.com:
(snip)
MR> $ host 207.46.249.190
MR> Name: www.domestic.microsoft.com
MR> Address: 207.46.249.190
MR> Aliases: microsoft.com microsoft.net www.us.microsoft.com

One should not trust reverse DNS for identification. The administrator for 249.46.207.in-addr.arpa could spoof that response. I'm not saying the packet didn't come from there, as I didn't bother checking. But that verification should be done with the proper authority (whois @internic.net, perhaps?).

MR> Is this some sort of known "attack"? Or just random weirdness?

I see no known pattern, but that could be explained, as you said, by several random activities. For example, someone could have spoofed a SYN with your IP as source.

Let's see what other people have to say. :)

Regards,

--
Thiago Figueiró
Infrastructure
Cipher Technology
www.ciphertech.com.br
_______________________________________________
"IT Security - A Cipher Technology specialty"

disclaimer: the opinions in this message are my own and do not represent my employer's view.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
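
The point about reverse DNS in the message above, as an added example that is not part of the original post: a PTR answer comes from whoever runs the reverse zone, so a name it returns only carries weight if the forward lookup of that name leads back to the same address. This goes beyond the whois check the message suggests; the function names and the 192.0.2.x / example.com sample data are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample data (documentation ranges, not real DNS answers).
# The reverse-zone admin for 192.0.2.66 publishes a PTR naming someone else's host.
CONSTRUCTED_PTR = {"192.0.2.10": ["www.example.com."],
                   "192.0.2.66": ["www.example.com."]}
CONSTRUCTED_A = {"www.example.com": ["192.0.2.10"]}

def ptr_query_name(ip):
    """Name asked in a PTR lookup; the owner of its zone chooses the answer."""
    return ipaddress.ip_address(ip).reverse_pointer

def system_ptr(ip):
    """Live PTR lookup via the system resolver (not used by the offline demo)."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_forward(name):
    """Live A/AAAA lookup via the system resolver."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def check_fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, names): 'no-ptr', 'unconfirmed' or 'confirmed'."""
    want = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return "no-ptr", []
    confirmed = []
    for name in names:
        for addr in forward_lookup(name):
            try:
                if ipaddress.ip_address(addr) == want:
                    confirmed.append(name)
                    break
            except ValueError:  # resolver returned something that is not an IP
                continue
    return ("confirmed", confirmed) if confirmed else ("unconfirmed", names)

def offline_check(ip):
    """Run the check against the constructed tables above."""
    return check_fcrdns(ip, lambda i: CONSTRUCTED_PTR.get(i, []),
                        lambda n: CONSTRUCTED_A.get(n, []))

if __name__ == "__main__":
    print(ptr_query_name("207.46.249.190"))  # falls under 249.46.207.in-addr.arpa
    for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.99"):
        print(ip, offline_check(ip))
```

A "confirmed" verdict only says that forward and reverse DNS agree for that address; it says nothing about whether a given packet's source address was itself spoofed.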