Full Disclosure mailing list archives
Re: DoD ...and r57(!?)
From: t0hitsugu <tohitsugu () gmail com>
Date: Sat, 28 May 2011 14:50:09 -0700
No, you are correct, I wasnt :/ Kismet would have been a good idea..it just happened so fast I was goingwith the first thoughts in my mind. Whoever it was must have been very disappointed..nothing on my box anyone would want as I just formatted it for bt. One possibility is someone with a tmobile phone using a debian chroot was nearby, as they happen to share the same ip...I need to recheck the packet headers
On May 28, 2011 2:10 PM, "coderman" <coderman () gmail com> wrote:On Sat, May 28, 2011 at 6:13 AM, t0hitsugu <tohitsugu () gmail com> wrote:... I noticed my connection had suddenly slowed to a crawl and did a scan
on
myself (running bt5 gnome 32) and was quite surprised to see I had
around 18
open ports, most of them connected to a server with the ip of 26.195.181.202. Curious, I did a GET on one of them 33644 and saw the
r57
spider pop up. I tried to ncat a couple more in hopes of getting a bind
to
trace but they all closed shortly after. According to wireshark, nmap and whois they werent being spoofed. The
server
also happens to be registered to the DoD...lol. Has anyone ever encountered something like this before? Seems a lot of trouble youd be risking borrowing the address of a military/gov domain.how do you know they weren't being spoofed? a local attacker on wireless can pretend to be any endpoint in your path. bet you weren't watching arp tables. (static arp; an oldie but
goodie...)
wpa2 is a fig leaf, and wifi carries far beyond the walls of your coffee shop. you need kismet not wireshark for these situations.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- DoD ...and r57(!?) t0hitsugu (May 28)
- Re: DoD ...and r57(!?) Valdis . Kletnieks (May 28)
- Re: DoD ...and r57(!?) coderman (May 28)
- Message not available
- Re: DoD ...and r57(!?) t0hitsugu (May 28)
- Message not available