Security Incidents mailing list archives

Re: Traffic from microsoft.com ?


From: "Bjorn Djupvik" <bjorn.djupvik () globalone net>
Date: Sun, 1 Jul 2001 22:47:12 +0200

I can make any IP delegated to me resolve to whatever I want, including
microsoft.com. It's the way reverse DNS works, so the guy scanning you
probably made the IP resolve to microsoft.com to try and spoof the scan. Try
resolving microsoft.com and see if it resolves back to the IP; if it doesn't,
then it's obviously a fake.

Regards,
Bjorn

----- Original Message -----
From: "Peter Bates" <Peter.Bates () lshtm ac uk>

Was this just the sign of a big spoofed scan, but if so, how come I can't
see any indication of an IP address that doesn't resolve to microsoft.com?




----------------------------------------------------------------------------


This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see:

http://aris.securityfocus.com
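
The check suggested in the reply above (resolve the PTR name forward and see whether it returns the source IP) as an added example, not part of the original posts. The addresses, the `mail.example.net` name and the `SAMPLE_*` tables are constructed stand-ins for DNS; the default lookups use the system resolver.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR lookup through the system resolver; returns hostnames (may be empty)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]

def system_forward(name):
    """A/AAAA lookup through the system resolver; returns address strings."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, names); verdict is 'confirmed', 'unconfirmed' or 'no-ptr'."""
    src = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no-ptr", []
    confirmed = []
    for name in names:
        for addr in forward_lookup(name):
            try:
                if ipaddress.ip_address(addr) == src:
                    confirmed.append(name)  # forward zone agrees with the PTR
                    break
            except ValueError:  # resolver returned something that is not an address
                continue
    return ("confirmed" if confirmed else "unconfirmed"), confirmed

# Constructed sample data (documentation address ranges), standing in for DNS.
# The PTR record is set by whoever holds the reverse delegation for the IP;
# the forward record is set by whoever holds the domain itself.
SAMPLE_PTR = {"203.0.113.45": ["microsoft.com."],
              "198.51.100.10": ["mail.example.net."]}
SAMPLE_FWD = {"microsoft.com": ["198.51.100.200"],
              "mail.example.net": ["198.51.100.10"]}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_FWD.get(name.rstrip(".").lower(), [])
```

An `unconfirmed` verdict means the PTR name should not be used to attribute the traffic; log and triage on the source IP instead.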

