Gadi, Could you please take the self-promotion offline already? Enough is enough! I don't think anybody on this list is interested in hiring you or reviewing your resume!
(It could be argued that my post is off-topic as well. I disagree. Furthermore, it had to be done, given the lack of public face or consistent enforcement action of the current MLC.) Drive Slow, Paul Wall http://www.linkedin.com/in/paulwall On Tue, Sep 2, 2008 at 6:28 PM, Gadi Evron <[EMAIL PROTECTED]> wrote: > My profile and resume: http://www.linkedin.com/in/gadievron > On Tue, 2 Sep 2008, Dan Mahoney, System Admin wrote: > >> Hello all, >> >> While recently trying to debug a CEF issue, I found a good number of >> packets in my "debug cef drops" output that were all directed at >> 198.32.64.12 (which I see as being allocated to ep.net but completely >> unused). >> >> Sep 2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route >> Sep 2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route >> Sep 2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route >> Sep 2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route >> Sep 2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route >> Sep 2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route >> Sep 2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route >> Sep 2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route >> >> Now, as nearly as I can tell, this IP address has never been used for >> anything, but I see occasional references to it, such as here: >> >> http://www.honeynet.org/papers/forensics/exploit.html >> >> So the question is, should I just ignore this as a properly dropped packet >> due to "no route" (this provider is running defaultless, so unless such a >> route exists, it should be okay). >> >> On the other hand, one of the other packets I'm seeing specifically refers >> to a DNS exploit, so should I then dispatch to people to trace down the >> source origin ? (Suffice it to say the resources are there to find it >> fairly easily, even if the source address is forged). > > It should be treated as an intelligence source, sharing that one openly is > probably counter-productive. > > Regardless, very interesting. I think follow-up just for interest's sake may > be worth it. > > >> -Dan >> >> -- >> >> --------Dan Mahoney-------- >> Techie, Sysadmin, WebGeek >> Gushi on efnet/undernet IRC >> ICQ: 13735144 AIM: LarpGM >> Site: http://www.gushi.org >> --------------------------- >> >> > >