mcast.net

Subject: mcast.net
From: Buddha (buddha@gci.net)
Date: Sun Dec 30 2001 - 12:17:08 AKST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: arthur@corlissfamily.org: "Systems for sale (fwd)"
• Previous message: Mike Tibor: "Re: OT: hard drive diags"
• In reply to: root: "secure?!?!?"
• Next in thread: FeLoNiouS_MoNK: "Re: mcast.net"
• Reply: Buddha: "mcast.net"
• Reply: Buddha: "mcast.net"

Interesting...the mcast.net domain is owned by IANA

http://www.netsol.com/cgi-bin/whois/whois?STRING=mcast.net&SearchType=all&ST
RING2.x=30&STRING2.y=3

A check of the well known port listing at IANA shows port 42 to be used by
nameserver and the contact is postel@isi.edu. He's also listed as the
contact for a bunch of other ports too. Well, Mr. Postel died in 1998 so I
guess I can't email him and ask him the "why, what, where" of port 42.

http://www.isi.edu/div7/people/postel.home/

A search of Google revealed this document which states "Some multicast
addresses serve special purposes/services e.g.: 224.0.0.1
(or)ALL-SYSTEMS.MCAST.NET, is a group that includes all systems supporting
multicasting on the local subnet.

http://www.cs.ucsb.edu/~murat/TOOLS98.tutorial.pdf

The mystery continues....

-Jim "Buddha" McMorris

-----Original Message-----
From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org]On Behalf Of
root
Sent: Saturday, December 29, 2001 6:57 AM
To: 'aklug@aklug.org'
Subject: secure?!?!?

ok .. i have been lookin thru my security logs for my router and i keep
seeing this line:

3|Dec 26 01 |From:192.168.0. To:224.0.1.24|attack |block
| 06:15:32 |UDP src port:00042 dest port:00042 |ip spoofing |

when i dns this ip address i see its: 224.0.1.24 is MICROSOFT-DS.MCAST.NET
(224.0.1.24)

.. its a constant thing and im trying to figure out what is transmitting to
mcast. i run ps -aux | grep mcast .. but i dont see a mcast thats there ..
even when i do a netstat .. i dont see it. what is this .. its like almost
hour on the hour .. every day .. and i dont know where in my box its
originating, can someone help. p.s. i strive on how secure my boxen is...
but this thing although its blocced is really annoying me since i cant
figure out where it originates... after the wu-ftp thing and a couple of my
friends being arrested for "computer" crimes recently ... i need to figure
out what it is.... anywayz .. thanx in advance
p.s. im kinda buzzin from the E&J .. so excuse me if it gets confusing.. if
you need more info.. you can email me here or at rootnscape@netscape.net

------My other computer is you win box-------
      LiNuX or Fbsd?!? FeLoNiouS_MoNK

• Next message: arthur@corlissfamily.org: "Systems for sale (fwd)"
• Previous message: Mike Tibor: "Re: OT: hard drive diags"
• In reply to: root: "secure?!?!?"
• Next in thread: FeLoNiouS_MoNK: "Re: mcast.net"
• Reply: Buddha: "mcast.net"
• Reply: Buddha: "mcast.net"

This archive was generated by hypermail 2a23 : Sun Dec 30 2001 - 12:17:13 AKST