Security Incidents mailing list archives
Re: Spider with improbable IP address
From: insecure <insecure () ameritech net>
Date: Fri, 15 Oct 2004 12:27:47 -0500
There's no reason that an IP address like that wouldn't be perfectly valid, no matter what the first three octets contain. This has been true for at least a decade.
Read up on CIDR and RFC1519 (http://www.faqs.org/rfcs/rfc1519.html). Ed Wittmann wrote:
A server I help maintain is currently being spidered, which is not so unusual - however, I note that the address the spider is coming from seems weird: xxx.xxx.xxx.0 Now, I was under the assumption that you can't send and receive on this address - but the requests come in here, and they're clearly going back out here. The weblogs show this address. Could someone cure my ignorance? Is this spoofing? It doesn't seem like source spoofing since the reply is clearly going back to the same IP address.
Current thread:
- Spider with improbable IP address Ed Wittmann (Oct 15)
- Re: Spider with improbable IP address insecure (Oct 15)
- Re: Spider with improbable IP address Bennett Todd (Oct 15)
- Re: Spider with improbable IP address Ric Messier (Oct 18)
- Re: Spider with improbable IP address Bennett Todd (Oct 18)
- Re: Spider with improbable IP address Ric Messier (Oct 18)
- <Possible follow-ups>
- RE: Spider with improbable IP address k levinson (Oct 15)
- RE: Spider with improbable IP address Jobe Bittman (Oct 15)