Re: mcast.net

Subject: Re: mcast.net
From: FeLoNiouS_MoNK (codered@gci.net)
Date: Sun Dec 30 2001 - 00:20:24 AKST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Tom: "Re: Palm <> Linux"
• Previous message: Bryan Medsker: "Re: OT: hard drive diags"
• In reply to: Buddha: "mcast.net"
• Next in thread: Jim Gribbin: "Re: mcast.net"
• Reply: FeLoNiouS_MoNK: "Re: mcast.net"
• Reply: FeLoNiouS_MoNK: "Re: mcast.net"

umm.. ?!?!?!??!?

Welcome to the new world order... where a lame web page defacement gets
you 30 years in prison......

FeLoNiouS_MoNK aka CodeRED

Buddha wrote:

>Interesting...the mcast.net domain is owned by IANA
>
>http://www.netsol.com/cgi-bin/whois/whois?STRING=mcast.net&SearchType=all&ST
>RING2.x=30&STRING2.y=3
>
>A check of the well known port listing at IANA shows port 42 to be used by
>nameserver and the contact is postel@isi.edu. He's also listed as the
>contact for a bunch of other ports too. Well, Mr. Postel died in 1998 so I
>guess I can't email him and ask him the "why, what, where" of port 42.
>
>http://www.isi.edu/div7/people/postel.home/
>
>A search of Google revealed this document which states "Some multicast
>addresses serve special purposes/services e.g.: 224.0.0.1
>(or)ALL-SYSTEMS.MCAST.NET, is a group that includes all systems supporting
>multicasting on the local subnet.
>
>http://www.cs.ucsb.edu/~murat/TOOLS98.tutorial.pdf
>
>
>The mystery continues....
>
>-Jim "Buddha" McMorris
>
>-----Original Message-----
>From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org]On Behalf Of
>root
>Sent: Saturday, December 29, 2001 6:57 AM
>To: 'aklug@aklug.org'
>Subject: secure?!?!?
>
>
>
>ok .. i have been lookin thru my security logs for my router and i keep
>seeing this line:
>
>3|Dec 26 01 |From:192.168.0. To:224.0.1.24|attack |block
>| 06:15:32 |UDP src port:00042 dest port:00042 |ip spoofing |
>
>when i dns this ip address i see its: 224.0.1.24 is MICROSOFT-DS.MCAST.NET
>(224.0.1.24)
>
>.. its a constant thing and im trying to figure out what is transmitting to
>mcast. i run ps -aux | grep mcast .. but i dont see a mcast thats there ..
>even when i do a netstat .. i dont see it. what is this .. its like almost
>hour on the hour .. every day .. and i dont know where in my box its
>originating, can someone help. p.s. i strive on how secure my boxen is...
>but this thing although its blocced is really annoying me since i cant
>figure out where it originates... after the wu-ftp thing and a couple of my
>friends being arrested for "computer" crimes recently ... i need to figure
>out what it is.... anywayz .. thanx in advance
>p.s. im kinda buzzin from the E&J .. so excuse me if it gets confusing.. if
>you need more info.. you can email me here or at rootnscape@netscape.net
>
>------My other computer is you win box-------
> LiNuX or Fbsd?!? FeLoNiouS_MoNK
>
>
>
>
>
>
>
>

• Next message: Tom: "Re: Palm <> Linux"
• Previous message: Bryan Medsker: "Re: OT: hard drive diags"
• In reply to: Buddha: "mcast.net"
• Next in thread: Jim Gribbin: "Re: mcast.net"
• Reply: FeLoNiouS_MoNK: "Re: mcast.net"
• Reply: FeLoNiouS_MoNK: "Re: mcast.net"

This archive was generated by hypermail 2a23 : Mon Dec 31 2001 - 00:28:45 AKST