[Dshield] Weird scanning, weird ports, weird TCP flags..
jsage at finchhaven.com
Fri Oct 24 15:25:10 GMT 2003
in re: /8 et al...
On Fri, Oct 24, 2003 at 08:12:31AM -0500, Nick Harley wrote:
> I guess I never thought of that as a valid network, only a local
> broadcast. I learn something new every day. :)
> >>> "Brian Coyle" <brian at linuxwidows.com> 10/23/2003 9:12:32 PM >>>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
/* snip */
> > but I don't understand what 126/8 is. I
> > had assumed that this would mean 126.x.x.x/8
> That's exactly what it means.
> > but that wouldn't fit with 0/8 0.x.x.x/8.
> Why not? If a worm or tool crafts packets (invalid or not) with
> the first eight bits set to zero, that's 0/8...
/* snip */
A useful tool for fiddling with such nonsense:
Available in command line form:
and presents a pretty html face:
Works well, and is less filling.
"Most people don't type their own logfiles; but, what do I care?"
John Sage: InfoSec Groupie
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
ATTENTION: this entire message is privileged communication, intended
for the sole use of its recipients only. If you read it even though
you know you aren't supposed to, you're a poopy-head.
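Added example, not part of the original message or thread: a short Python sketch of the point made in the quoted exchange, that "126/8" and "0/8" simply name every address whose first eight bits match. The function names, the watch list and the sample source addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample: source addresses as they might appear in firewall logs.
SAMPLE_SOURCES = ["0.12.44.1", "126.3.9.200", "126.255.255.255",
                  "127.0.0.1", "0.0.0.0", "192.0.2.7"]
WATCH = ["0/8", "126/8"]  # shorthand exactly as written in the thread


def expand_prefix(short):
    """Expand shorthand such as '126/8' to an IPv4Network (126.0.0.0/8).

    ipaddress.ip_network() rejects the abbreviated form, so the missing
    trailing octets are padded with zeros first.
    """
    addr, sep, length = short.partition("/")
    if not sep or not length.isdigit():
        raise ValueError("expected <octets>/<length>, got %r" % short)
    octets = addr.split(".")
    if not 1 <= len(octets) <= 4:
        raise ValueError("bad address part in %r" % short)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + length, strict=True)


def in_prefix(ip, net):
    """True if the top net.prefixlen bits of ip equal those of the network."""
    shift = 32 - net.prefixlen
    return (int(ipaddress.IPv4Address(ip)) >> shift
            == int(net.network_address) >> shift)


def tally(sources, watch=WATCH):
    """Count how many source addresses fall inside each watched prefix."""
    nets = {w: expand_prefix(w) for w in watch}
    counts = {w: 0 for w in watch}
    for src in sources:
        for w, net in nets.items():
            if in_prefix(src, net):
                counts[w] += 1
    return counts


if __name__ == "__main__":
    for prefix, hits in tally(SAMPLE_SOURCES).items():
        print(expand_prefix(prefix), hits)
```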