SecurityFocus 2000-07-07
A mysterious California company is sweeping the net for live hosts, and touching off alarms around the world.
Anyone care to share the source IP?
2000-07-07
Anonymous (3 replies)
IP address range?
2000-07-07
Anonymous (3 replies)
IP address range?
2000-07-07
Anonymous (1 replies)
They ARE scanning .GOV
2000-07-07
Anonymous (2 replies)
If Exodus is allowing/supporting this, why not block them as well?
2000-07-07
Anonymous (2 replies)
What can they really learn?
2000-07-07
Anonymous (4 replies)
Scanned In Seattle
2000-07-08
Anonymous (1 replies)
This is the same as a person knocking at your front door, Nothing illegal here.
2000-07-11
Jeff Deitz <jeffd (at) vsp (dot) com [email concealed]> (3 replies)
This is the same as a person knocking at your front door, Nothing illegal here.
2000-07-11
Anonymous
This is the same as a person knocking at your front door, Nothing illegal here.
2000-07-11
Anonymous (2 replies)
This is the same as a person knocking at your front door, Nothing illegal here.
2000-07-13
Anonymous
time domain reflectometer
2000-07-11
Anonymous (2 replies)

As has been pointed out, there is only a limited utility in using the stock traceroute and ping utilities to gather information. Ping will let you know whether something's 'up' and traceroute will show you the route through the void from the origin to the target. Unless loose source routing is enabled along the way, this technique couldn't tell me how the target gets to someone else, or how someone else gets to the target. Worse, traceroute may not be showing the same route the target would get if they traced to me.
A quick stop at traceroute.org will give you a list of hundreds of traceroute gateways on the net. You could use them to map various alternate routes into an address. Something that's far more useful than tracing thousands of outbounds from a single location if you're interested in network topology.
Getting "geographical information" is trivial in most cases, since you can usually get that from the upstream provider. How many ISP's and GSP's name their routers "dedicated.sf.ca.GSP.net" or some such? That alone localizes it, and pretty much anything hanging off of it.
To get to the "nefarious plot" part, has anyone considered this is all a stunt to gain some publicity before the IPO with a non-existent, or at least "l4Ym3" product? "We've mapped the whole Internet! Buy our stock!" "Wow, Vern, they mapped the whole net! Let's buy their stock!"
Face it. Anyone could write a 10 minute perl script to mimic what these guys are doing. In fact, you could probably write an automated script to find the "core" routers for entire subnets (the thousands of DSL customers hanging off a big metro core router for example) and use the traceroute gateways to actually map the topology.
As for the CIA plot bit, it's cute. But a disgruntled Network Engineer at one of the big NAP's can do more damage with a pair of wirecutters than these guys can with all their data. "Funny. That OC192 looked just like target.com's OC3!"
"ph33r the clueless, for they shall inhibit the Net..."
Link to this comment: http://www.securityfocus.com/comments/articles/56/2538#2538
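The router-naming point in the comment above, turned into a defender-side audit of what your own reverse-DNS names disclose. This is an added example, not part of the original comment; the city and state tables and every sample name except `dedicated.sf.ca.GSP.net` are constructed assumptions.

```python
import re

# Constructed lookup tables (assumptions for this example, far from complete).
CITY_CODES = {"sf": "San Francisco", "sea": "Seattle", "nyc": "New York", "chi": "Chicago"}
STATE_CODES = {"ca": "California", "wa": "Washington", "ny": "New York", "il": "Illinois"}

def tokens(hostname):
    """Split a hostname into lowercase tokens on dots and hyphens, dropping trailing digits."""
    parts = re.split(r"[.-]", hostname.lower().rstrip("."))
    return [re.sub(r"\d+$", "", p) for p in parts if p]

def location_hints(hostname):
    """Return (city, state) pairs where a city token is directly followed by a state token."""
    toks = tokens(hostname)
    hints = []
    for cur, nxt in zip(toks, toks[1:]):
        # Requiring the pair avoids flagging a lone "ca" or "ny" label.
        if cur in CITY_CODES and nxt in STATE_CODES:
            hints.append((CITY_CODES[cur], STATE_CODES[nxt]))
    return hints

def audit(ptr_names):
    """Map each PTR name that discloses a location to its hints."""
    report = {}
    for name in ptr_names:
        found = location_hints(name)
        if found:
            report[name] = found
    return report

# Constructed sample; the first name is the comment's own example.
SAMPLE_PTRS = [
    "dedicated.sf.ca.GSP.net",
    "core1-sea.wa.example.net.",
    "ca.example.org",          # lone "ca" is ambiguous, not reported
    "rtr-7f3a.example.net",    # opaque name, nothing to report
]

if __name__ == "__main__":
    for name, found in audit(SAMPLE_PTRS).items():
        print(name, "->", found)
```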