[Dshield] Unusual snort traffic
jsage at finchhaven.com
Mon Nov 12 02:32:56 GMT 2001
It was total luck...
Actually there have been a few times when I've tried IP addresses
adjacent to a suspect IP that, as in this case, responds with a
In this case I was intrigued by the fact that he (Eric Lindvall) had
only 18.104.22.168 - 22.214.171.124 assigned to him, so when you take out
the network and broadcast IPs he's got - what? - 14 to work with?
It wouldn't have taken long to plug each of 'em into a web browser
one-by-one and see what popped up; I went downward first and *bingo*
If you contact netscan.org it'd be interesting to hear what they have to
Chan, Stephen (TIS, Singapore) wrote:
> Holy Netscans Batman! That is a mighty fine piece of investigative legwork.
> *Hats off*
> Thanks for the detailed followup John :-) I did conduct my own digging
> around, but got nowhere as detailed as you got.
> I doubt if my network is a 'smurf amplifier' but might be a good idea to run
> the netscan on myself...
> Thanks again
> -----Original Message-----
> From: John Sage [mailto:jsage at finchhaven.com]
> Sent: Sunday, November 11, 2001 12:28 PM
> To: dshield at dshield.org
> Cc: stephen_chan at sg.ml.com
> Subject: Re: [Dshield] Unusual snort traffic
> <long, but maybe worth it...>