
| Subject: | RE: Spider with improbable IP address |
|---|---|
| Date: | Fri, 15 Oct 2004 10:29:27 -0700 (PDT) |

It could be either. .0 can be a valid IP address. Not every subnet out there is an even /24 class C subnet starting and ending at .0 and .255.

Spoofing an invalid source IP address in successful TCP sessions is problematic. You're right that the fact that you're getting HTTP requests in your web log, presumably following a successful TCP handshake, suggests that this may not be spoofing.

The usual IP lookup tools such as whois and nslookup should be able to help you confirm whether this IP is a valid spider host.

- karl levinson

-----Original Message-----
From: Ed Wittmann [mailto:wittmann@sae.org]
Sent: Thursday, October 14, 2004 2:14 PM
To: incidents@securityfocus.com
Subject: Spider with improbable IP address

xxx.xxx.xxx.0 Now, I was under the assumption that you can't send and receive on this address

Could someone cure my ignorance? Is this spoofing? It doesn't seem like source spoofing since the reply is clearly going back to the same IP address.
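The reply's point that an address ending in .0 or .255 is not always unusable, as an added example that is not part of the original thread: Python's standard `ipaddress` module classifies an address against a prefix and finds the longest prefix at which it is still an ordinary host. The addresses are constructed from documentation ranges, and the prefix passed in is assumed to be the subnet actually configured, which a whois allocation does not necessarily reveal.

```python
import ipaddress

# Constructed samples (documentation ranges, not from the thread):
# (source IP seen in a web log, prefix assumed to be the real subnet).
SAMPLES = [
    ("198.51.100.0",   "198.51.100.0/24"),
    ("198.51.101.0",   "198.51.100.0/23"),
    ("198.51.100.255", "198.51.100.0/23"),
    ("198.51.101.255", "198.51.100.0/23"),
    ("192.0.2.0",      "192.0.2.0/31"),
]

def classify(ip, prefix):
    """Return the role `ip` plays inside `prefix`."""
    addr = ipaddress.ip_address(ip)
    net = ipaddress.ip_network(prefix, strict=True)
    if addr not in net:
        return "outside prefix"
    if net.prefixlen >= 31:
        # /31 point-to-point links (RFC 3021) and /32 reserve no addresses.
        return "usable host"
    if addr == net.network_address:
        return "network address"
    if addr == net.broadcast_address:
        return "broadcast address"
    return "usable host"

def longest_host_prefix(ip):
    """Longest prefix length (0..30) at which `ip` is neither the network
    nor the broadcast address, or None if there is none."""
    addr = ipaddress.ip_address(ip)
    for plen in range(30, -1, -1):
        net = ipaddress.ip_network(f"{ip}/{plen}", strict=False)
        if addr not in (net.network_address, net.broadcast_address):
            return plen
    return None

if __name__ == "__main__":
    for ip, prefix in SAMPLES:
        print(f"{ip:16} in {prefix:18} -> {classify(ip, prefix)}")
    for ip in ("198.51.101.0", "198.51.100.0"):
        print(f"{ip} can be a host in a /{longest_host_prefix(ip)} or shorter prefix")
```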