[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <BANLkTinv2ap58WV297Ee-S9GaG49aXqB3Q@mail.gmail.com>
Date: Sat, 28 May 2011 06:13:06 -0700
From: t0hitsugu <tohitsugu@...il.com>
To: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: DoD ...and r57(!?)
Well I had a very strange situation a few hours ago, one that seems so
ridiculous that I keep hoping for a better explanation. So, to FD it goes!
Earlier I was in a late night coffee shop, one with wpa2 access. I was also
the last person there for the last hour and a half they were open; at least
according to network activity via nmap and wireshark.
I noticed my connection had suddenly slowed to a crawl and did a scan on
myself (running bt5 gnome 32) and was quite surprised to see I had around 18
open ports, most of them connected to a server with the ip of
26.195.181.202. Curious, I did a GET on one of them 33644 and saw the r57
spider pop up. I tried to ncat a couple more in hopes of getting a bind to
trace but they all closed shortly after.
According to wireshark, nmap and whois they werent being spoofed. The server
also happens to be registered to the DoD...lol.
Has anyone ever encountered something like this before? Seems a lot of
trouble youd be risking borrowing the address of a military/gov domain.
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists