Firewall Wizards mailing list archives

Re: "Re: a fun new tool from us... & 'Today's occurances' "


From: "Paul D. Robertson" <proberts () clark net>
Date: Wed, 28 Apr 1999 10:09:20 -0400 (EDT)

On Tue, 27 Apr 1999, Philip S Holt, Security Engineer / Network Engineer wrote:

Here's the deal.
   @ 16:40:05 BOF reports    ... (mjr's little gem)
   FTP connection from 209.233.142.18    ...
   nslookup reveals that this is the University Of Washington.

Not on my system, but I prefer dig:

 [root@gargoyle root]# dig 18.142.233.209.in-addr.arpa any any | more

 ; <<>> DiG 8.1 <<>> 18.142.233.209.in-addr.arpa any any 
 ;; res options: init recurs defnam dnsrch
 ;; got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
 ;; QUERY SECTION:
 ;;      18.142.233.209.in-addr.arpa, type = ANY, class = ANY

 ;; ANSWER SECTION:
 18.142.233.209.in-addr.arpa.  1h56m45s IN PTR  
 adsl-209-233-142-18.dsl.lsan03.pacbell.net.

 ;; AUTHORITY SECTION:
 142.233.209.in-addr.arpa.  1h56m45s IN NS  ns1.pbi.net.
 142.233.209.in-addr.arpa.  1h56m45s IN NS  ns2.pbi.net.

 ;; ADDITIONAL SECTION:
 ns1.pbi.net.            1d23h56m40s IN A  206.13.28.11
 ns2.pbi.net.            1d23h56m40s IN A  206.13.29.11


Both authoritative servers return the same data.


Whois corroborates this:

 [root@gargoyle root]# whois 209.233.142.18@whois.arin.net
 [whois.arin.net]
 Pacific Bell Internet Services,Inc. (NETBLK-PBI-NET-5) PBI-NET-5
                                                 209.232.0.0 - 209.233.255.255
 Donovan Williams (NETBLK-PBI-CUSTNET-6607) PBI-CUSTNET-6607
                                               209.233.142.16 - 209.233.142.23

   @ the bottom of the nslookup 
entry - as follows: > Name adsl-209-233-142-18-dsl.lsan03.pacbell.net
   Now, what exactly is the relationship between this entry (The dsl line
@ pacbell) to that of my dial-up connection through US Worst?

If 209.233.142.18 is the IP address that showed up in your logs, then 
that's the address the packets were launched from.

Maybe you've got some extraneous nameserver information from UW, though 
they're not authoritative for the domains in question, or maybe you're 
misinterpreting the data.

FWIW, ns1.pbi.net and ns2.pbi.net show the same address; that's a no-no.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () clark net      which may have no basis whatsoever in fact."
                                                                     PSB#9280
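The check Paul walks through above (query the in-addr.arpa name, read the PTR out of the answer section, confirm both authoritative servers agree) as an added Python example; this is not code from the original message. The dig output embedded below is constructed to mirror the reply, with the PTR rdata wrapped onto its own line as dig 8 prints long records, so the parser must handle that continuation.

```python
import re

# Constructed dig output modelled on the reply above (not a live capture).
DIG_NS1 = """\
;; ANSWER SECTION:
18.142.233.209.in-addr.arpa.  1h56m45s IN PTR
adsl-209-233-142-18.dsl.lsan03.pacbell.net.

;; AUTHORITY SECTION:
142.233.209.in-addr.arpa.  1h56m45s IN NS  ns1.pbi.net.
142.233.209.in-addr.arpa.  1h56m45s IN NS  ns2.pbi.net.
"""
DIG_NS2 = DIG_NS1  # the second authoritative server answered identically
RR_LINE = re.compile(r"^(\S+)\s+(\S+)\s+IN\s+([A-Z]+)\s*(.*)$")

def reverse_name(ip):
    """Build the in-addr.arpa name to query for an IPv4 address."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + ".in-addr.arpa."

def parse_dig(output):
    """Return {section: [(owner, ttl, type, rdata)]} from dig's text output."""
    sections, current, pending = {}, None, None
    for line in output.splitlines():
        line = line.rstrip()
        if line.startswith(";; ") and line.endswith(" SECTION:"):
            current = line.split()[1]          # ANSWER, AUTHORITY, ADDITIONAL, ...
            sections[current] = []
        elif current is None or not line or line.startswith(";"):
            continue
        elif pending:                           # rdata wrapped onto its own line
            sections[current].append(pending + (line.strip(),))
            pending = None
        elif RR_LINE.match(line):
            owner, ttl, rtype, rdata = RR_LINE.match(line).groups()
            if rdata:
                sections[current].append((owner, ttl, rtype, rdata))
            else:
                pending = (owner, ttl, rtype)
    return sections

def corroborate(ip, *dig_outputs):
    """Sorted PTR names for ip if every server answers and all agree, else None."""
    want, seen = reverse_name(ip), set()
    for out in dig_outputs:
        ptrs = tuple(sorted(r[3] for r in parse_dig(out).get("ANSWER", [])
                            if r[0] == want and r[2] == "PTR"))
        if not ptrs:
            return None
        seen.add(ptrs)
    return seen.pop() if len(seen) == 1 else None
```

A None result means the servers disagreed or none answered for that exact owner name, which is the cue to look harder before attributing the connection.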


