[Dshield] Weird scanning, weird ports, weird TCP flags..

John Sage jsage at finchhaven.com
Fri Oct 24 15:25:10 GMT 2003


in re: /8 et al...

On Fri, Oct 24, 2003 at 08:12:31AM -0500, Nick Harley wrote:
> I guess I never thought of that as a valid network, only a local
> broadcast. I learn something new every day. :)
> 
> >>> "Brian Coyle" <brian at linuxwidows.com> 10/23/2003 9:12:32 PM >>>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1

/* snip */

> > but I don't understand what 126/8 is. I
> > had assumed that this would mean 126.x.x.x/8 
> 
> That's exactly what it means.
> 
> > but that wouldn't fit with 0/8 0.x.x.x/8.
> 
> Why not?   If a worm or tool crafts packets (invalid or not) with 
> the first eight bits set to zero, that's 0/8...

/* snip */

A useful tool for fiddling with such nonsense:

http://jodies.de/ipcalc

Available in command line form:

http://jodies.de/ipcalc.pl

and presents a pretty html face:

http://jodies.de/ipcalc_cgi


Works well, and is less filling.



- John
-- 
"Most people don't type their own logfiles;  but, what do I care?"
-
John Sage: InfoSec Groupie
-
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
-
ATTENTION: this entire message is privileged communication, intended
for the sole use of its recipients only. If you read it even though
you know you aren't supposed to, you're a poopy-head.




More information about the list mailing list