echo: osdebate
to: Mike N.
from: waldo kitty
date: 2007-06-12 22:52:54
subject: Re: webserver attack??

From: waldo kitty 

Mike N.  wrote in
news:flnu53tml7l44i1v97osmv3mtlpfc5v4ca{at}4ax.com:

> On 25 May 2007 16:25:34 -0400, waldo kitty  wrote:
>
>>localhost - - [02/May/2007:08:42:43 -0400] "GET /windowslinks.html
>>HTTP/1.1" 200 12642 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT
>>5.1; SV1; .NET CLR 1.1.4322)"
>>
>>there is absolutely _no_ way for that to be... first of all, there's no
>>browser on that box... second of all, it flat out cannot run MSIE... third
>>of all, it definitely is _not_ running windows of any kind (it
>>=can't=!)...
>>
>>now, how can the origin of spoofed IPs be tracked back?
>
>    See if there's a way to disable reverse DNS lookups in Apache for the
> log.  Someone may have been able to control their reverse DNS lookup and
> substituted 'localhost' for their real host name.

yeah, after my talks with geo, that seems to be what happened... the
problem is that i don't really want to turn off DNS lookups :(

--
       _\/
      (@@)                      Waldo Kitty, Waldo's Place USA
__ooO_( )_Ooo_____________________ telnet://bbs.wpusa.dynip.com
_|_____|_____|_____|_____|_____|_____ http://www.wpusa.dynip.com
____|_____|_____|_____|_____|_____|_____ ftp://ftp.wpusa.dynip.com
_|_Eat_SPAM_to_email_me!_YUM!__|_____|_____ wkitty42 -at- alltel.net

--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
SEEN-BY: 633/267
@PATH: 379/45 1 633/267

SOURCE: echomail via fidonet.ozzmosis.com
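
Added example, not part of the original thread: one way to keep reverse DNS names in the log and still catch a client-controlled PTR record is to log the client IP next to the hostname and confirm that the logged name resolves forward to that IP. It assumes a LogFormat that writes `%a` in front of `%h`; the addresses, the second hostname and the DNS table are constructed for the example. Apache's `HostnameLookups Double` setting applies the same forward confirmation at request time.

```python
import re

# Assumed log layout (not the poster's): combined format with the client IP
# (%a) written in front of the looked-up hostname (%h).
LINE_RE = re.compile(r'^(?P<ip>\S+) (?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)"')

# Constructed forward-DNS answers so the example runs offline; in real use
# pass a resolver built on socket.getaddrinfo() instead.
CONSTRUCTED_DNS = {
    "localhost": {"127.0.0.1", "::1"},
    "client.example.net": {"198.51.100.7"},
}

# Constructed sample lines. The first reuses the request from the thread
# with a made-up documentation-range client address in front.
SAMPLE_LOG = [
    '203.0.113.5 localhost - - [02/May/2007:08:42:43 -0400] '
    '"GET /windowslinks.html HTTP/1.1" 200 12642 "-" "Mozilla/4.0 '
    '(compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)"',
    '198.51.100.7 client.example.net - - [02/May/2007:08:43:10 -0400] '
    '"GET / HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 192.0.2.10 - - [02/May/2007:08:44:02 -0400] '
    '"GET / HTTP/1.1" 200 512 "-" "-"',
]

def lookup_constructed(hostname):
    """Forward lookup against the constructed table above."""
    return CONSTRUCTED_DNS.get(hostname.lower(), set())

def check_line(line, resolve=lookup_constructed):
    """Return (ip, host, verdict) for one log line, or None if unparsable."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ip, host = m.group("ip"), m.group("host")
    if host == ip:
        return ip, host, "no-ptr"        # reverse lookup returned nothing
    if ip in resolve(host):
        return ip, host, "confirmed"     # name resolves back to the client
    return ip, host, "unconfirmed"       # PTR claims a name it does not own

def audit(lines, resolve=lookup_constructed):
    """Check every parsable line and return the list of verdict tuples."""
    return [r for r in (check_line(l, resolve) for l in lines) if r]

if __name__ == "__main__":
    for ip, host, verdict in audit(SAMPLE_LOG):
        print(f"{verdict:12} {ip:15} logged as {host}")
```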
