[Dshield] Weird scanning, weird ports, weird TCP flags..

Brian Coyle brian at linuxwidows.com
Fri Oct 24 02:12:32 GMT 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thursday 23 October 2003 17:02, Nick Harley wrote:
> I do understand network masking 

Sorry, I was misled by your mention of 'newbie'.  No offense intended.


> but I don't understand what 126/8 is. I
> had assumed that this would mean 126.x.x.x/8 

That's exactly what it means.

> but that wouldn't fit with 0/8 0.x.x.x/8.

Why not?   If a worm or tool crafts packets (invalid or not) with 
the first eight bits set to zero, that's 0/8...

Besides that-   

$ whois 0.1.1.1@whois.arin.net
[whois.arin.net]

OrgName:    Internet Assigned Numbers Authority 
OrgID:      IANA
Address:    4676 Admiralty Way, Suite 330
City:       Marina del Rey
StateProv:  CA
PostalCode: 90292-6695
Country:    US

NetRange:   0.0.0.0 - 0.255.255.255 
CIDR:       0.0.0.0/8 
NetName:    RESERVED-1
NetHandle:  NET-0-0-0-0-1
Parent:     
NetType:    IANA Special Use
Comment:    Please see RFC 3330 for additional information.
RegDate:    
Updated:    2002-10-14


http://www.ietf.org/rfc/rfc3330.txt?number=3330

  "0.0.0.0/8 - Addresses in this block refer to source hosts on "this"
   network.  Address 0.0.0.0/32 may be used as a source address for this
   host on this network; other addresses within 0.0.0.0/8 may be used to
   refer to specified hosts on this network [RFC1700, page 4]."



HTH!


- --
"Solaris Unix" -- we don't do it because it's redundant, like calling a 
dog a Dog/Beagle. A Beagle is-a dog, Solaris is-a Unix, and Linux is-a GNU. 
   Gary Lawrence Murphy in http://advogato.org/article/711.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Brian Coyle, GCIA                http://www.giac.org/GCIA.php

iD8DBQE/mIqbER3MuHUncBsRAhNAAJ9D7hFfCXNvGzb18ZbsWx2XnR+dfgCeJPlm
7c/0h+6EGmL6QFeezxrrK/k=
=wKdh
-----END PGP SIGNATURE-----
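
The shorthand discussed in this message, as an added example that is not part of the original post: it expands blocks written like 0/8 or 126/8 and tests source addresses against them by comparing only the leading masked bits. The function names and the sample addresses other than 0.1.1.1 are constructed for illustration.

```python
import ipaddress

def expand_shorthand(block):
    """Expand shorthand like '126/8' or '0/8' into a full IPv4 network."""
    prefix, sep, length = block.partition("/")
    octets = prefix.split(".")
    if not sep or len(octets) > 4 or not all(o.isdigit() for o in octets):
        raise ValueError(f"not a shorthand CIDR block: {block!r}")
    octets += ["0"] * (4 - len(octets))          # 126 -> 126.0.0.0
    # strict=True rejects blocks with bits set beyond the mask, e.g. 126.1/8
    return ipaddress.IPv4Network(".".join(octets) + "/" + length, strict=True)

def in_block(address, block):
    """True if the leading prefix-length bits of address equal those of block."""
    net = expand_shorthand(block)
    addr = int(ipaddress.IPv4Address(address))
    shift = 32 - net.prefixlen                   # /8 keeps only the first octet
    return (addr >> shift) == (int(net.network_address) >> shift)

def classify(sources, blocks):
    """Map each source address to the first listed block containing it, or None."""
    return {s: next((b for b in blocks if in_block(s, b)), None) for s in sources}

# Constructed sample source addresses (0.1.1.1 is the address queried in the message).
SAMPLE_SOURCES = ["0.1.1.1", "0.0.0.0", "126.44.7.9", "192.0.2.10"]

if __name__ == "__main__":
    for src, block in classify(SAMPLE_SOURCES, ["0/8", "126/8"]).items():
        print(f"{src:<12} {block or 'no match'}")
```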