| TIP: Click on subject to list as thread! | ANSI |
| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: Did Anyone Else Notice that Apple Lost $4 Billion in Value Yesterda |
From: waldo kitty
"Geo." wrote in news:4659957e$1{at}w3.nls.net:
> "waldo kitty" wrote in message
> news:Xns993B9E68C8414me42{at}216.144.1.254...
>
>> localhost - - [02/May/2007:08:42:43 -0400] "GET /windowslinks.html
>> HTTP/1.1" 200 12642 "-" "Mozilla/4.0
(compatible; MSIE 6.0; Windows NT
>> 5.1; SV1; .NET CLR 1.1.4322)"
>>
>> there is absolutely _no_ way for that to be... first of all, there's no
>> browser on that box... second of all, it flat out cannot run MSIE...
>> thrid of all, it definitely is _not_ running windows of any kind (it
>> =can't=!)...
>>
>> now, how can the origin of spoofed IPs be tracked back?
>
> It's unlikely that it's spoofed, the only way to spoof a TCP connection
> is if you spoof as an address that is on the same physical wire you are
> on so that you can reply to the response since TCP is not connectionless
> (you must establish a 2 way connection).
right... ok, maybe i'm calling it "spoof" and it is something
else? whatever the case, i have 6 or 8 entries exactly like this along with
the thousands of others that come in daily... the only thing different
about them, that i can see by the logs, is the IP which is rDNS's to get
the host name...
> I suppose you could spoof as a remote address if you are on the same
> physical wire as the target as well. But that could be detected with a
> sniffer by looking at the ethernet address and seeing if it's the
> routers or one of the other machines on the wire.
that would mean that there's been a hole found in my (linux) smoothwall
firewall, then... it would also seem to indicate that there should be a lot
of other traffic on my line and there's no indication of that, either...
whatever is going on has really got me scratching my head...
--
_\/
({at}{at}) Waldo Kitty, Waldo's Place USA
__ooO_( )_Ooo_____________________ telnet://bbs.wpusa.dynip.com
_|_____|_____|_____|_____|_____|_____ http://www.wpusa.dynip.com
____|_____|_____|_____|_____|_____|_____ ftp://ftp.wpusa.dynip.com
_|_Eat_SPAM_to_email_me!_YUM!__|_____|_____ wkitty42 -at- alltel.net
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)SEEN-BY: 633/267 @PATH: 379/45 1 633/267 |
|
| SOURCE: echomail via fidonet.ozzmosis.com | |
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.