[Dshield] Weird scanning, weird ports, weird TCP flags..
brian at linuxwidows.com
Fri Oct 24 02:12:32 GMT 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Thursday 23 October 2003 17:02, Nick Harley wrote:
> I do understand network masking
Sorry, I was misled by your mention of 'newbie'. No offense intended.
> but I don't understand what 126/8 is. I
> had assumed that this would mean 126.x.x.x/8
That's exactly what it means.
> but that wouldn't fit with 0/8 0.x.x.x/8.
Why not? If a worm or tool crafts packets (invalid or not) with
the first eight bits set to zero, that's 0/8...
$ whois 0.1.1.1 at whois.arin.net
OrgName: Internet Assigned Numbers Authority
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
NetRange: 0.0.0.0 - 0.255.255.255
NetType: IANA Special Use
Comment: Please see RFC 3330 for additional information.
"0.0.0.0/8 - Addresses in this block refer to source hosts on "this"
network. Address 0.0.0.0/32 may be used as a source address for this
host on this network; other addresses within 0.0.0.0/8 may be used to
refer to specified hosts on this network [RFC1700, page 4]."
"Solaris Unix" -- we don't do it because it's redundant, like calling a
dog a Dog/Beagle. A Beagle is-a dog, Solaris is-a Unix, and Linux is-a GNU.
Gary Lawrence Murphy in http://advogato.org/article/711.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Brian Coyle, GCIA http://www.giac.org/GCIA.php
-----END PGP SIGNATURE-----
More information about the list