[CLUE-Tech] root kit checker
Mike Staver
staver at fimble.com
Thu May 6 11:10:49 MDT 2004
Hmm, interesting. So, it's either a DoS or MSN search ignores my
robots.txt file. Bad news either way. Thanks everybody for the quick
response - I've noticed I'm able to mail to the list a lot quicker now
that reverse dns is done, right? I'll try to set up etherreal and see
what's going on.
Jed S. Baer wrote:
> On Thu, 06 May 2004 10:26:37 -0600
> Mike Staver <staver at fimble.com> wrote:
>
>
>>65.54.164.101
>>
>>The reverse dns on this is wrong I think, it claims it's part of
>>msn.com, which I find hard to believe since it has no forward dns
>>pointer record assigned to it.
>
>
> $ whois 65.54.164.101 at whois.arin.net
>
> OrgName: Microsoft Corp
> OrgID: MSFT
> Address: One Microsoft Way
> City: Redmond
> StateProv: WA
> PostalCode: 98052
> Country: US
>
> NetRange: 65.52.0.0 - 65.55.255.255
> CIDR: 65.52.0.0/14
> NetName: MICROSOFT-1BLK
> NetHandle: NET-65-52-0-0-1
> Parent: NET-65-0-0-0-0
> NetType: Direct Assignment
> NameServer: DNS1.CP.MSFT.NET
> NameServer: DNS2.CP.MSFT.NET
> NameServer: DNS1.TK.MSFT.NET
> NameServer: DNS1.DC.MSFT.NET
> NameServer: DNS1.SJ.MSFT.NET
> Comment:
> RegDate: 2001-02-14
> Updated: 2002-12-05
>
> TechHandle: ZM23-ARIN
> TechName: Microsoft Corporation
> TechPhone: +1-425-882-8080
> TechEmail: noc at microsoft.com
>
> If your machine has been compromised, perhaps it's part of a DDOS against
> M$.
>
> jed
--
-Mike Staver
staver at fimble.com
mstaver at globaltaxnetwork.com
More information about the clue-tech
mailing list