Security Incidents mailing list archives

Re: more info on ramen.tgz


From: dor <dor () VIRTUALMYSTIC COM>
Date: Wed, 17 Jan 2001 13:21:01 -0800

Hi,

212.184.80.190 is www.microsoft.de
synscan `scans` port 80 of this host, and waits for the reply.. receiving the
reply is its indication to stop scanning... presuming that any syns sent
before this, will already have been replied to.. you can verify this in
the source code available from http://www.psychoid.lam3rz.de

-- Support your government, give Echelon / Carnivore something to parse --
classfield  top-secret government  restricted data information project CIA
KGB GRU DISA  DoD  defense  systems  military  systems spy steal terrorist
Allah Natasha  Gregori destroy destruct attack  democracy will send Russia
bank system compromise international  own  rule the world ATSC RTEM warmod
ATMD force power enforce  sensitive  directorate  TSP NSTD ORD DD2-N AMTAS
STRAP warrior-T presidental  elections  policital foreign embassy takeover
--------------------------------------------------------------------------

On Wed, 17 Jan 2001, Jeffrey F. Lawhorn wrote:

One more thing I've noticed about the synscan in the ramen.tgz, it sends a TCP
packet to 212.184.80.190 port 80 from port 31337 after it finishes scanning
each /16.

Unfortunately I was unable to capture any of the actual packets.  Did anyone
else manage to capture one of these packets?

jeffl


--
Jeffrey F. Lawhorn                       |Internet Security Consulting
Software Design Associates, Inc.         |IDS Monitoring/Reporting
jeffl () wanet net       619-679-5900 voice |Expunge Intruders
http://www.wanet.net/ 619-679-2327 fax   |
Finger jeffl () wanet net for PGP Public Key.

Insist on Quality! WANet.Net is an ISP/C Member - http://www.ispc.org/
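
A detection sketch for the packet described in this thread, added here as an example and not taken from the list posts or the synscan source: it reads `tcpdump -nn` text output (an assumed input format) and reports source hosts that sent a bare SYN from port 31337 to 212.184.80.190 port 80, together with how many distinct hosts each had SYN-probed since its previous marker. The capture lines and the function name `find_marker_hosts` are constructed for illustration.

```python
import re
from collections import defaultdict

# Values reported in the thread above.
MARKER_DST = "212.184.80.190"
MARKER_DPORT = 80
MARKER_SPORT = 31337

# Assumption: input is `tcpdump -nn` text output for IPv4 TCP.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

# Constructed sample capture (documentation addresses; sweep ports are arbitrary).
SAMPLE_CAPTURE = """\
13:20:58.000101 IP 192.0.2.10.1025 > 198.51.100.1.21: Flags [S], seq 1, win 512, length 0
13:20:58.000204 IP 192.0.2.10.1026 > 198.51.100.2.21: Flags [S], seq 2, win 512, length 0
13:20:58.000350 IP 198.51.100.2.21 > 192.0.2.10.1026: Flags [S.], seq 9, ack 3, win 512, length 0
13:20:58.000410 IP 192.0.2.10.1027 > 198.51.100.3.21: Flags [S], seq 4, win 512, length 0
13:21:01.000500 IP 192.0.2.10.31337 > 212.184.80.190.80: Flags [S], seq 5, win 512, length 0
13:21:02.000000 IP 192.0.2.77.40112 > 212.184.80.190.80: Flags [S], seq 6, win 512, length 0
""".splitlines()

def find_marker_hosts(lines):
    """Return {src_ip: [(timestamp, distinct_hosts_probed_before_marker), ...]}."""
    syn_targets = defaultdict(set)   # src -> destinations it sent bare SYNs to
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["flags"] != "S":   # bare SYN only; skip SYN-ACK ("S.") etc.
            continue
        src, dst = m["src"], m["dst"]
        is_marker = (dst == MARKER_DST
                     and int(m["dport"]) == MARKER_DPORT
                     and int(m["sport"]) == MARKER_SPORT)
        if is_marker:
            hits[src].append((m["ts"], len(syn_targets[src])))
            syn_targets[src].clear()     # the next sweep is counted afresh
        else:
            syn_targets[src].add(dst)
    return dict(hits)

if __name__ == "__main__":
    for host, events in find_marker_hosts(SAMPLE_CAPTURE).items():
        for ts, fanout in events:
            print(f"{host} sent marker SYN at {ts} after probing {fanout} hosts")
```

The last sample line shows why the source port matters: an ordinary connection to the same web server from another source port is not reported.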




