My HP printer talking to the FBI?

ji at research.att.com ji at research.att.com
Tue Oct 23 23:43:55 EDT 2001


Dennis Glatting wrote:

> I was looking through my firewall logs and found this gem:
> 
> 	Oct 17 03:43:33 btw /kernel: Oct 17 03:41:34 btw /kernel:
> 	ipfw: 7800 Unreach TCP 12.1.224.109:80 206.129.5.146:1115
> 	in via xl1
> 


I haven't used ipfw in a while; I assume this means that the source of
the packet was the 12 address and the destination was your printer,
and it came from outside your firewall, right?

If this is the case, there is a much simpler explanation: someone is
attacking the web server at 12.1.224.109 using fake IP addresses; the
server is responding to the source address of the packet, and you
catch it.

/ji

--
 /\  ASCII ribbon  |  John "JI" Ioannidis * Secure Systems Research Department
 \/    campaign    |  AT&T Labs - Research * Florham Park, NJ 07932 * USA
 /\    against     |  "Intellectuals trying to out-intellectual
/  \  HTML email.  |   other intellectuals" (Fritz the Cat)





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com




More information about the cryptography mailing list