| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu) Subject: Strange ldap Behavior. On Tue, 18 May 2004 18:54:36 +0200, "Soderland, Craig" <craig.soderland@....com> said: > Understood, but why would this system be trying to make a connection there? I > has no reason to be connecting and we just noticed it which raised a few > questions. You're missing the point - if another machine on the subnet wants to talk to my laptop, it sends to MAC address 00:06:5B:EB:39:7D (the docking station interface) or to 00:02:2D:5C:11:48 (the wireless card). The fact that 00:06:5B is a Dell prefix doesn't mean that people are connecting to dell.com - they're connecting to hardware MADE BY Dell. Similarly, just because 00:02:2D belongs to Agere Systems doesn't mean the connection is to the Netherlands, it's to hardware made by a company that's in the Netherlands. 00:00:5E is registered to IANA - so I can make 2 conclusions: 1) You need to look to see where snoop found "DoD", because it's apparently confused. 2) Somebody on your net has an odd MAC address (since IANA doesn't make hardware...).. We'd really need to see more of the surrounding traffic in order to figure out what's going on. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 226 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040518/16862c95/attachment.bin
Powered by blists - more mailing lists