Maybe the computer doing the scanning has port redirection software running, so attempts to connect to certain ports on that computer redirect the attempt to the cia.gov website. If this is true, then that is pretty intelligent on the part of him. The average person would get scared typing in this address and getting the CIA website, and it confused you. I'm not saying I'm right, but that seems like a very logical and (hopefully, for you - I wouldn't want the CIA scanning me...) likely response.
DoPo > I received a medium sized ftp scan from address 64.81.213.144 to my > subnet. Doing a traceroute resolved the IP to > dsl081-213-144.nyc2.dsl.speakeasy.net. A quick nmap scan showed port 80 to > be open.. But when I typed the IP into my browser, I was taken immediately > to www.cia.gov. Performing a tracert from a win machine brought up the > same speakeasy.net host. But using NeoTrace (graphical win trace route > tool) that IP resolved to www.odci.gov, which takes you to the cia.gov web > page.. What gives?
