[Dshield] Questions about traceroute

Johannes Ullrich jullrich at sans.org
Tue Jun 25 04:20:54 GMT 2002


> Traceroute confuses me... i also see it says (fake dns).  What's that
> mean?  that they spoofed an IP?

DNS has two parts:

'regular' or 'forward' DNS, which resolves host names into IP
addresses.
'reverse' DNS, which does it the other way around. 

I think your DNS program complains about the two entries not matching
up, which isn't a big deal and actually quite common, in particular for
virtual web servers. For example if you look at 'dshield.org', we have
multiple host names sharing one IP address (www.dshield.org, 
feeds.dshield.org... ). But the IP address reverse resolves to something
our ISP set up, which is fine.


-- 
---------------------------------------------------------------
jullrich at sans.org             Collaborative Intrusion Detection
                                    join http://www.dshield.org
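
Added example, not part of the original message: a forward-confirmed reverse DNS check that separates the harmless mismatch described above (a PTR name that differs from the host name used but still maps back to the IP) from a PTR name that does not resolve back to the IP at all. It goes slightly beyond the message by adding that second case; the record tables, host names and the `check` function are constructed for illustration.

```python
import socket

# Constructed sample records (documentation address ranges, example names).
FORWARD = {
    "www.example.org": ["192.0.2.10"],
    "feeds.example.org": ["192.0.2.10"],        # virtual hosts sharing one IP
    "host10.isp.example.net": ["192.0.2.10"],   # name the ISP set up
    "mail.example.org": ["192.0.2.20"],
    "trusted.example.com": ["198.51.100.7"],
}
REVERSE = {
    "192.0.2.10": "host10.isp.example.net",
    "192.0.2.20": "mail.example.org",
    "203.0.113.5": "trusted.example.com",       # PTR claims a name that lives elsewhere
}

def table_ptr(ip):
    return REVERSE.get(ip)

def table_a(name):
    return FORWARD.get(name, [])

def live_ptr(ip):
    """Reverse lookup against the system resolver (not used by the offline demo)."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def live_a(name):
    """Forward lookup against the system resolver."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def check(ip, expected_name=None, ptr=table_ptr, a=table_a):
    """Classify how the reverse and forward DNS entries for ip relate."""
    name = ptr(ip)
    if name is None:
        return "no-ptr"
    name = name.rstrip(".").lower()
    if ip not in a(name):
        return "unconfirmed"        # PTR name does not resolve back to ip
    if expected_name and name != expected_name.rstrip(".").lower():
        return "confirmed-differs"  # consistent, just not the name you used
    return "confirmed"

if __name__ == "__main__":
    for ip, name in [("192.0.2.10", "www.example.org"), ("203.0.113.5", None)]:
        print(ip, name, check(ip, name))
```

Pass `ptr=live_ptr, a=live_a` to run the same classification against real DNS instead of the constructed tables.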