Snort mailing list archives
Re: 93.184.215.200 black listed IP address
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 6 Oct 2014 15:44:18 +0000
I wonder if that’s a sinkhole…
On Oct 6, 2014, at 11:22 AM, Ceejay Cervantes <ceejay.cervantes () gmail com> wrote:

Thanks Joel. A lookup of the mscrl.microsoft.com domain (CNAME) shows that it resolves to 93.184.215.200 IP address.

Non-authoritative answer:
Name:      cs1.wpc.v0cdn.net
Addresses: 2606:2800:11f:179a:1972:2405:35b:459
           93.184.215.200
Aliases:   mscrl.microsoft.com
           certrevoc.vo.msecnd.net

On Mon, Oct 6, 2014 at 10:22 AM, Joel Esler (jesler) <jesler () cisco com> wrote:

We have it listed as an “Attacker” from an outside source. It’s a private IP out registered through RIPE’s server. Allegedly registered to a private address in Santa Monica, CA. Don’t think that’s Microsoft.

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos

On Oct 6, 2014, at 10:07 AM, Ceejay Cervantes <ceejay.cervantes () gmail com> wrote:

Hello,

Good day. Any idea on why the 93.184.215.200 IP address was included on the black_list.rules? It seems to be a false positive. Am seeing microsoft.com domains on tcpdump.

regards,
Ceejay

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- 93.184.215.200 black listed IP address Ceejay Cervantes (Oct 06)
- Re: 93.184.215.200 black listed IP address Joel Esler (jesler) (Oct 06)
- Re: 93.184.215.200 black listed IP address Ceejay Cervantes (Oct 06)
- Re: 93.184.215.200 black listed IP address Joel Esler (jesler) (Oct 06)
- Re: 93.184.215.200 black listed IP address James Lay (Oct 06)
- Re: 93.184.215.200 black listed IP address Ceejay Cervantes (Oct 06)
- Re: 93.184.215.200 black listed IP address Joel Esler (jesler) (Oct 06)