[PLUG] auth.log
Marv
lamsokvr at xprt.net
Sun Mar 14 22:09:01 UTC 2004
On Sun, 2004-03-14 at 21:37, Chris Jantzen wrote:
> On Sun, Mar 14, 2004 at 08:29:59PM -0800, Chris Jantzen wrote:
> > On Sun, Mar 14, 2004 at 07:39:31PM -0800, Marv wrote:
> > > What is "reverse mapping checking getaddrinfo for
> > > 66-42-36-140.sttl.dial.netzero.com" all about??
> >
> > Do "host 66-42-36-140.sttl.dial.netzero.com" (or nslookup or dig or
> > whatever's appropriate) and it'll return an ip address. Then do "host
> > xx.xx.xx.xx" on that ip address. If they don't match, the isp is doing
> > something wrong, or someone who controls their reverse lookup was
> > trying to take advantage of host-based authentication (which you
> > shouldn't do anyways) to break in. If they do match, your DNS server
> > may have had a hiccup, or they "cleaned up their act". The benign
> > answers (incompetent isp and dns hiccup) are, unfortunately, the most
> > likely answers. ("Unfortunately", in that it's a bit like Chicken
> > Little.)
>
>
> (Or I could do this myself. But the explanation should help you.)
>
>
> omoikane:~$ host 66.42.36.140
> 140.36.42.66.in-addr.arpa domain name pointer 66-42-36-140.sttl.dial.netzero.com.
> omoikane:~$ host 66-42-36-140.sttl.dial.netzero.com
> Host 66-42-36-140.sttl.dial.netzero.com not found: 3(NXDOMAIN)
>
>
> Definitely a case of incompetent isp.
Thank you
I came to the same conclusion...
Or what is the chance he spoofed his url??
Then of course it wouldn't reversemap..
I DON'T trust this person..
Thanks for your time.
More information about the PLUG
mailing list