My HP printer talking to the FBI?
Dennis Glatting
dg at pki2.com
Wed Oct 24 00:13:40 EDT 2001
On Tue, 2001-10-23 at 21:43, ji at research.att.com wrote:
> Dennis Glatting wrote:
>
> > I was looking through my firewall logs and found this gem:
> >
> > Oct 17 03:43:33 btw /kernel: Oct 17 03:41:34 btw /kernel:
> > ipfw: 7800 Unreach TCP 12.1.224.109:80 206.129.5.146:1115
> > in via xl1
> >
>
>
> I haven't used ipfw in a while; I assume this means that the source of
> the packet was the 12 address and the destination was your printer,
> and it came from outside your firewall, right?
>
Correct.

I checked my logs and I had a hit from the same source against an unused
IP address a few days earlier.

> If this is the case, there is a much simpler explanation: someone is
> attacking the web server at 12.1.224.109 using fake IP addresses; the
> server is responding to the source address of the packet, and you
> catch it.
>
> /ji
>
> --
> /\ ASCII ribbon | John "JI" Ioannidis * Secure Systems Research Department
> \/ campaign | AT&T Labs - Research * Florham Park, NJ 07932 * USA
> /\ against | "Intellectuals trying to out-intellectual
> / \ HTML email. | other intellectuals" (Fritz the Cat)
> ---------------------------------------------------------------------
> The Cryptography Mailing List
> Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
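The backscatter explanation in this thread can be checked against a log mechanically. The sketch below is an added example, not code from either poster: it parses lines in the ipfw layout quoted above and flags remote sources whose server-port replies match no logged outbound connection and reach at least one unused local address. The sample lines, the host inventory, the port sets and the assumption that outbound flows are also logged are all constructed for illustration.

```python
import re
from collections import defaultdict

# Field layout follows the ipfw line quoted in the thread:
#   ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <if>
LINE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\w+)")

SERVICE_PORTS = {25, 53, 80, 443}  # assumption: ports a server replies from
EPHEMERAL_MIN = 1024               # assumption: lowest client-side port

# Constructed sample (documentation addresses, not the hosts in the thread).
SAMPLE = [
    "Oct 14 02:10:01 fw /kernel: ipfw: 7800 Unreach TCP 192.0.2.80:80 203.0.113.77:1042 in via xl1",
    "Oct 17 03:41:34 fw /kernel: ipfw: 7800 Unreach TCP 192.0.2.80:80 203.0.113.20:1115 in via xl1",
    "Oct 17 04:00:00 fw /kernel: ipfw: 500 Accept TCP 203.0.113.10:1200 198.51.100.5:80 out via xl1",
    "Oct 17 04:00:01 fw /kernel: ipfw: 500 Accept TCP 198.51.100.5:80 203.0.113.10:1200 in via xl1",
    "Oct 17 05:00:00 fw /kernel: ipfw: 7800 Unreach TCP 198.51.100.9:4444 203.0.113.20:23 in via xl1",
]
LIVE = {"203.0.113.10", "203.0.113.20"}  # hypothetical inventory; .20 is the printer

def parse(line):
    """Return the ipfw fields of one syslog line, or None if it is not ipfw."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def backscatter_candidates(lines, live_hosts, ext_iface):
    """Map each remote source to the local addresses it 'answered', keeping
    only sources that hit at least one address no host uses."""
    recs = [r for r in map(parse, lines) if r]
    # Flows we really opened, keyed the way the reply would appear inbound.
    opened = {(r["dst"], r["dport"], r["src"], r["sport"])
              for r in recs if r["dir"] == "out"}
    hits = defaultdict(set)
    for r in recs:
        if (r["dir"] == "in" and r["iface"] == ext_iface and r["proto"] == "TCP"
                and r["sport"] in SERVICE_PORTS and r["dport"] >= EPHEMERAL_MIN
                and (r["src"], r["sport"], r["dst"], r["dport"]) not in opened):
            hits[r["src"]].add(r["dst"])
    return {src: sorted(dsts) for src, dsts in hits.items()
            if dsts - set(live_hosts)}

if __name__ == "__main__":
    print(backscatter_candidates(SAMPLE, LIVE, "xl1"))
```

A sender that forges source port 80 produces the same pattern, so the result is a triage signal rather than proof of backscatter.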