Snort mailing list archives

Re: 93.184.215.200 black listed IP address

From: James Lay <jlay () slave-tothe-box net>
Date: Mon, 06 Oct 2014 09:54:57 -0600

On 2014-10-06 09:44, Joel Esler (jesler) wrote:

I wonder if that’s a sinkhole…

On Oct 6, 2014, at 11:22 AM, Ceejay Cervantes
<ceejay.cervantes () gmail com [8]> wrote:

Thanks Joel. A lookup of the mscrl.microsoft.com [9] domain (CNAME)
shows that it resolves to 93.184.215.200 IP address.

Non-authoritative answer:
Name: cs1.wpc.v0cdn.net [10]
Addresses: 2606:2800:11f:179a:1972:2405:35b:459
93.184.215.200
Aliases: mscrl.microsoft.com [11]
certrevoc.vo.msecnd.net [12]


Doubtful:

[09:52:40 gateway:~/careful$] wgetu 
'http://mscrl.microsoft.com/pki/mscorp/crl/mswww(6).crl'
--2014-10-06 09:52:46--  
http://mscrl.microsoft.com/pki/mscorp/crl/mswww(6).crl
Resolving mscrl.microsoft.com (mscrl.microsoft.com)... 93.184.215.200, 
2606:2800:11f:179a:1972:2405:35b:459
Connecting to mscrl.microsoft.com 
(mscrl.microsoft.com)|93.184.215.200|:80... connected.
HTTP request sent, awaiting response...
   HTTP/1.1 200 OK
   Accept-Ranges: bytes
   Cache-Control: max-age=6481
   Content-Type: application/pkix-crl
   Date: Mon, 06 Oct 2014 15:52:46 GMT
   Etag: "ec3931efc4a5cf1:0"
   Last-Modified: Tue, 22 Jul 2014 15:52:26 GMT
   P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo 
OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
   Server: ECAcc (pae/376B)
   VTag: 791379257600000000
   X-Cache: HIT
   X-Powered-By: ASP.NET
   Content-Length: 727
Length: 727 [application/pkix-crl]
Saving to: `mswww(6).crl'

100%[======================================================================================================================>]
 
727         --.-K/s   in 0s

2014-10-06 09:52:46 (35.5 MB/s) - `mswww(6).crl' saved [727/727]

[09:53:56 gateway:~/careful/$] strings -a mswww\(6\).crl
0'1%0#
Microsoft Internet Authority
140722154224Z
141021040224Z
a0_0
141020155224Z0
5X~se
KQZ<
W@U=R
1z#5
l]P6i%

James



------------------------------------------------------------------------------
Slashdot TV.  Videos for Nerds.  Stuff that Matters.
http://pubads.g.doubleclick.net/gampad/clk?id=160591471&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

93.184.215.200 black listed IP address Ceejay Cervantes (Oct 06)
- Re: 93.184.215.200 black listed IP address Joel Esler (jesler) (Oct 06)
  - Re: 93.184.215.200 black listed IP address Ceejay Cervantes (Oct 06)
    - Re: 93.184.215.200 black listed IP address Joel Esler (jesler) (Oct 06)
    - Re: 93.184.215.200 black listed IP address James Lay (Oct 06)