[9706] in cryptography@c2.net mail archive
Re: My HP printer talking to the FBI?
daemon@ATHENA.MIT.EDU (ji@research.att.com)
Tue Oct 23 23:47:56 2001
Date: Tue, 23 Oct 2001 23:43:55 -0400 (EDT)
Message-Id: <200110240343.XAA26656@bual.research.att.com>
From: ji@research.att.com
To: cryptography@wasabisystems.com
Dennis Glatting wrote:
> I was looking through my firewall logs and found this gem:
>
> Oct 17 03:43:33 btw /kernel: Oct 17 03:41:34 btw /kernel:
> ipfw: 7800 Unreach TCP 12.1.224.109:80 206.129.5.146:1115
> in via xl1
>
I haven't used ipfw in a while; I assume this means that the source of
the packet was the 12 address and the destination was your printer,
and it came from outside your firewall, right?
If this is the case, there is a much simpler explanation: someone is
attacking the web server at 12.1.224.109 using fake IP addresses; the
server is responding to the source address of the packet, and you
catch it.
/ji
--
/\ ASCII ribbon | John "JI" Ioannidis * Secure Systems Research Department
\/ campaign | AT&T Labs - Research * Florham Park, NJ 07932 * USA
/\ against | "Intellectuals trying to out-intellectual
/ \ HTML email. | other intellectuals" (Fritz the Cat)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
