Full Disclosure mailing list archives

Re: Victory day - Sasser surrenders


From: "Maxime Ducharme" <mducharme () cybergeneration com>
Date: Tue, 11 May 2004 11:38:14 -0400


Hi

193/8 is not internal (see IANA:
http://www.iana.org/assignments/ipv4-address-space )

This usually happens with NAT'ed hosts, which advertise
themselves with their current IP (which is local), but
when the SMTP server isn't in the same range, it sees the
NAT'ed IP, which isn't the same.

By 'advertise' I mean the HELO part of a SMTP transaction.

The server then adds the IP it really sees in parentheses after
the advertised IP from the host, that's why we can see both
of them.

Some prefer not to make it public, some others just don't bother ;)

Have a nice day

Maxime Ducharme
Programmer / Network Security Specialist

----- Original Message ----- 
From: "Rob Clark" <rob () cyber-worx co uk>
To: <full-disclosure () lists netsys com>
Sent: Tuesday, May 11, 2004 10:34 AM
Subject: Re: [Full-disclosure] Victory day - Sasser surrenders



193.x.x.x isn't internal... is it?


--On Monday, May 10, 2004 12:16 PM +0200 fd <fulldis () it97 dyndns org>
wrote:

I'd remove something from the mailer:
  Received: from [192.168.195.2] ([193.7.145.26])

Why? Not all of us care about disclosing "internal" IP addresses. :)

-J


--
Jeff Workman | http://www.pimpworks.org/nigritude-ultramarine.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




-- 
This email may contain confidential and privileged information for the
sole use of the intended recipient. Any review or distribution by others
is strictly prohibited. If you are not the intended recipient, please
contact the sender and delete all copies of this email message.
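
The Received line discussed in this thread, parsed as an added example (not part of the original messages): it separates the address the client gave in HELO from the address the receiving server recorded in parentheses, and flags an RFC 1918 HELO address sitting behind a public peer address. The function names and the two extra sample headers are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges only; ipaddress.is_private also covers documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# HELO argument, then the parenthesised part added by the receiving server.
RECEIVED_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<seen>[^)]*)\)", re.I)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def _ip(text):
    """Return the first IPv4 address found in text, or None."""
    m = IPV4_RE.search(text)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(0))
    except ValueError:  # digits that do not form a valid address
        return None


def _internal(ip):
    return bool(ip) and any(ip in net for net in RFC1918)


def analyze_received(header):
    """Compare the HELO-advertised address with the one the server saw."""
    m = RECEIVED_RE.search(header)
    if not m:
        return None
    helo_ip, seen_ip = _ip(m.group("helo")), _ip(m.group("seen"))
    return {
        "helo_ip": str(helo_ip) if helo_ip else None,
        "seen_ip": str(seen_ip) if seen_ip else None,
        # HELO carried an RFC 1918 literal: internal addressing is disclosed
        "discloses_private": _internal(helo_ip),
        # internal HELO address, public peer address: client is behind NAT
        "behind_nat": _internal(helo_ip) and bool(seen_ip)
                      and not _internal(seen_ip),
    }


SAMPLES = [
    "Received: from [192.168.195.2] ([193.7.145.26])",  # from the thread
    "Received: from mail.example.org (mail.example.org [198.51.100.7])",  # constructed
    "Received: from [10.1.2.3] (gw.example.net [203.0.113.9])",  # constructed
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(analyze_received(line))
```
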



