
RE: ARPA

please be a little more specific when you say "20 access attempts," what protocol? what port? were the packets fully qualified?
it's kinda like saying that the sky is falling.
 
i hate to tell you guys, it's probably not ARPA. it's not worth your time speculating if it might be your NASA screensaver. the ip number/name you are seeing as a result of nslookup is the reverse lookup of the dns address. whoever is the originator has an improperly registered name or number, the forward lookup yields a different reverse lookup. since you didn't send the actual number or info, i will give you an example that i think you are seeing.
 
when dns gets qualified, there are 3 things that get registered, the host id, the ip number, and the reverse mapping.
 
333.444.555.666 is somehost.foo.com.
 
the reverse dns entry for it is:
 
666.555.444.333.in-addr.arpa. somehost.foo.com.
 
as far as the sequential increase of id numbers, are you sure that it's not the port number you are looking at? if it is the ip number, then they are probably behind a firewall.
 
be careful in trying to figure out 'who' it is next time, if the 'offender' is any good, (they probably have read kroll's books and a few others as well, the same ones that us 'security guys' read) then they will have means to retaliate against you when you go snooping. they can launch a denial of service attack that will ruin you and your isp's day so fast it would take you a week to figure out what happened.
 
security is as good as the amount of time you take to do it. if you are simply using Zone Alarm on a windows machine believing that you are 'safe,' then frankly, no one can help you.
 
good luck
 
dennis
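
Added example, not part of the message above: a forward-confirmed reverse DNS check, which is how a name seen in a firewall log gets sorted into "PTR and forward lookup agree" versus the mismatch the message describes. The zone data is constructed and held in memory (documentation address ranges and `.example` names are assumptions), so it runs offline; in live use the two dictionaries would be replaced by real PTR and A queries.

```python
import ipaddress

# Constructed sample records (RFC 5737 documentation addresses, not real hosts).
PTR_RECORDS = {
    "10.2.0.192.in-addr.arpa": "somehost.foo.example.",
    # Whoever controls this reverse zone can publish any name they like here.
    "77.113.0.203.in-addr.arpa": "trusted.example.",
}
A_RECORDS = {
    "somehost.foo.example.": ["192.0.2.10"],
    # The real owner of the name points it somewhere else entirely.
    "trusted.example.": ["198.51.100.5"],
}


def reverse_name(ip):
    """Build the in-addr.arpa owner name: octets reversed, suffix appended."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"


def check_fcrdns(ip, ptr=PTR_RECORDS, a=A_RECORDS):
    """Classify an address seen in a log.

    Returns (status, name) where status is:
      'confirmed' - PTR name resolves forward to the same address
      'mismatch'  - PTR name exists but its forward lookup gives other addresses
      'no-ptr'    - no reverse mapping registered at all
    """
    name = ptr.get(reverse_name(ip))
    if name is None:
        return ("no-ptr", None)
    if ip in a.get(name, []):
        return ("confirmed", name)
    return ("mismatch", name)


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.77", "198.51.100.200"):
        status, name = check_fcrdns(ip)
        print(f"{ip:16} {reverse_name(ip):28} {status:10} {name}")
```

A 'mismatch' result means the name shown by nslookup says nothing reliable about who sent the packets; only the address itself and its registered netblock owner are evidence.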