Network Security: Detailed info on RE: Spider with improbable IP address

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

RE: Spider with improbable IP address

from [Jobe Bittman] Network Security

[Permanent Link]

Subject:	RE: Spider with improbable IP address
Date:	Fri, 15 Oct 2004 10:15:18 -0700

It's a valid ip address for a subnet larger than /24. I once got a
x.x.x.0 address on my cable modem. I was so bummed when I had to reboot
a few months later and lost it.

-----Original Message-----
From: Ed Wittmann [mailto:wittmann@sae.org] 
Sent: Thursday, October 14, 2004 11:14 AM
To: incidents@securityfocus.com
Subject: Spider with improbable IP address

A server I help maintain is currently being spidered, which is not so
unusual - however, I note that the address the spider is coming from
seems weird:

xxx.xxx.xxx.0

Now, I was under the assumption that you can't send and receive on this
address - but the requests come in here, and they're clearly going back
out here. The weblogs show this address.

Could someone cure my ignorance? Is this spoofing? It doesn't seem like
source spoofing since the reply is clearly going back to the same IP
address.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Spider with improbable IP address, Ed Wittmann Re: Spider with improbable IP address, insecure Re: Spider with improbable IP address, Bennett Todd Re: Spider with improbable IP address, Ric Messier Re: Spider with improbable IP address, Bennett Todd RE: Spider with improbable IP address, k levinson RE: Spider with improbable IP address, Jobe Bittman <=

Previous by Date:	RE: 1,800 files missing from system32, Joe Blatz
Next by Date:	Re: 1,800 files missing from system32, Harlan Carvey
Previous by Thread:	RE: Spider with improbable IP address, k levinson
Next by Thread:	Web Attack Data - Apache, Ryan Barnett
Indexes:	[Date] [Thread] [Top] [All Lists]