[Dshield] Odd traceroute, I *think* I know what's going on, but not sure.

Jon Kibler Jon.Kibler at aset.com
Wed Oct 8 19:55:04 GMT 2008


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Brenden Walker wrote:
> New thought on the subject.
> 
> Could this be someone thinking it's a good idea?  I know that on most of my machines I have a hosts files with a lot of bad servers mapping to 127.0.0.1 so that nothing can get to doubleclick.net for example.
> 
> Is it possible that someone thought they could do something similar to a DNS?  Obviously this is bass-ackwards, not going to do the same thing at all.
> 
> Just a crazy thought.
> 

Could just be someone being lazy and using a wildcard (or BIND
$GENERATE) to assign the name localhost to all IPs in a block.

I don't see how this can be anything malicious. It am sure it is just
some name server admin being lazy.

Jon K
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkjtEBgACgkQUVxQRc85QlNgdACfVROW6ej1LMJVQhAlZOdb0xLs
KX0AmwQAxVftxm+6zMbgWp/JCZhLhS0w
4q
-----END PGP SIGNATURE-----




=========================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/
No Spam. No Viruses. Just Good Clean Email.



More information about the Dshield mailing list