In terms of the traceroute.. perhaps the system is simply spoofing the replies to instill fear or confusion? ;-)
----------------------------------
John Daniele
Technical Security & Intelligence
Toronto, ON
Voice: (416) 605-2041
Email: [EMAIL PROTECTED]
Web: http://www.tsintel.com
----------------------------------

On Thu, 31 Jan 2002, Rob Reeves wrote:

> The machine seems to be down now, but my guess is they were running a script
> or web service that redirected you to the CIA site and logged your attempt
> to connect.
>
> Not sure why your Neotrace tool resolved to odci.gov. You might want to try
> one of the live VisualRoute servers on the Internet:
>
> http://www.visualware.com/visualroute/livedemo.html
>
> www.tracert.com is also good.
>
> ~Rob
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 30, 2002 7:41 AM
> To: [EMAIL PROTECTED]
> Subject: what's the real address?
>
> Hello,
>
> I received a medium sized ftp scan from address 64.81.213.144 to my
> subnet. Doing a traceroute resolved the IP to
> dsl081-213-144.nyc2.dsl.speakeasy.net. A quick nmap scan showed port 80 to
> be open.. But when I typed the IP into my browser, I was taken immediately
> to www.cia.gov. Performing a tracert from a win machine brought up the
> same speakeasy.net host. But using NeoTrace (graphical win trace route
> tool) that IP resolved to www.odci.gov, which takes you to the cia.gov web
> page.. What gives?
>
> Cavell McDermott
> Domino Admin
> APW Ltd. - Texas Campus
> 214-343-1400 - Main
> 214-355-2022 - Direct
> 214-341-9950 - Fax
> http://www.apw.com