Snort mailing list archives

Re: any details/sigs for "Magic Lantern"?


From: Matt Kettler <mkettler () evi-inc com>
Date: Sun, 23 Mar 2003 13:27:31 -0500

I hate to be a naysayer, but I'm HIGHLY skeptical of this claim. Let's face it, if the feds had Microsoft's help with ML, they certainly would not allow it to point fingers back to the federal government in such a blatantly obvious manner. Something that obvious would make the entire thing absolutely worthless.

My guess is this is a secondary Windows Update server set up to serve the demands of some large government contract that wanted MS to set up a WU server to meet certain specs, presumably for security or reliability reasons in patching their own machines.

I doubt any of us even know exactly why they have that server named that way, but since it's so obviously named I'm forced to assume that it's not anything of a clandestine or secret nature. Particularly when the conspiracy theory lacks anything else to back it up other than a RDNS name containing "fed".

But hey, if you want to block it, go for it, I doubt it will hurt anything...

At 12:55 PM 3/17/2003 -0500, Travis Farmer wrote:
I may just be paranoid, but has anybody found communication to/from Magic
Lantern, at least enough to build a signature on?

The most I got was that it connects to FedWU.windowsupdate.com, and an IP
lookup brings up 207.46.131.197.



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net