[Dshield] Odd traceroute, I *think* I know what's going on, but not sure.
BKWalker at drbsystems.com
Wed Oct 8 17:47:55 GMT 2008
> -----Original Message-----
> From: Jon Kibler [mailto:Jon.Kibler at aset.com]
> Sent: Wednesday, October 08, 2008 1:35 PM
> To: General DShield Discussion List; Brenden Walker
> Subject: Re: [Dshield] Odd traceroute, I *think* I know what's going
> on, but not sure.
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Brenden Walker wrote:
> > I was checking out a snort log entry, and thought this was odd.
> > When I do the same traceroute from a different network on a windows
> > it shows my local computer name in place of localhost.
> > What I think this means is that some doofus in Vietnam (addresses
> > by Vietnamese ISP) named a router localhost? I could see windoze
> > translating that into the local computer name/domain.
> > Just the first time I've noticed this, anything to worry about?
> Well, it doesn't mean that the router is named 'localhost'... rather,
> means that someone set up DNS to reply 'localhost' for
> 188.8.131.52.in-addr.arpa. In other words, the zone 30.123.in-addr.arpa
> has a pointer record that reads:
> 2.74 IN PTR localhost.
> Hope this clarifies it for you.
Sure does, thanks!
More information about the Dshield