Re: mcast.net

Subject: Re: mcast.net
From: Jim Gribbin (jgribbin@alaska.net)
Date: Mon Dec 31 2001 - 09:39:56 AKST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Greg Jetter: "New issue of Frozen-north out today"
• Previous message: Neil Moomey: "Re: OT: HTML help"
• In reply to: FeLoNiouS_MoNK: "Re: mcast.net"
• Reply: Jim Gribbin: "Re: mcast.net"
• Reply: Jim Gribbin: "Re: mcast.net"

I don't know if it has any bearing on this but, mcast is available in
the Linux kernel (under networking options) and appears to be turned on
by default in my RH2.4.2 kernel.

At least I don't remember turning it on. They probably think I'll want
to stream mp3s or videos to multiple computers on my network.

Jim

On Sun, 2001-12-30 at 00:20, FeLoNiouS_MoNK wrote:
>
> umm.. ?!?!?!??!?
>
>
> Welcome to the new world order... where a lame web page defacement gets
> you 30 years in prison......
>
> FeLoNiouS_MoNK aka CodeRED
>
> Buddha wrote:
>
> >Interesting...the mcast.net domain is owned by IANA
> >
> >http://www.netsol.com/cgi-bin/whois/whois?STRING=mcast.net&SearchType=all&ST
> >RING2.x=30&STRING2.y=3
> >
> >A check of the well known port listing at IANA shows port 42 to be used by
> >nameserver and the contact is postel@isi.edu. He's also listed as the
> >contact for a bunch of other ports too. Well, Mr. Postel died in 1998 so I
> >guess I can't email him and ask him the "why, what, where" of port 42.
> >
> >http://www.isi.edu/div7/people/postel.home/
> >
> >A search of Google revealed this document which states "Some multicast
> >addresses serve special purposes/services e.g.: 224.0.0.1
> >(or)ALL-SYSTEMS.MCAST.NET, is a group that includes all systems supporting
> >multicasting on the local subnet.
> >
> >http://www.cs.ucsb.edu/~murat/TOOLS98.tutorial.pdf
> >
> >
> >The mystery continues....
> >
> >-Jim "Buddha" McMorris
> >
> >-----Original Message-----
> >From: aklug-bounce@aklug.org [mailto:aklug-bounce@aklug.org]On Behalf Of
> >root
> >Sent: Saturday, December 29, 2001 6:57 AM
> >To: 'aklug@aklug.org'
> >Subject: secure?!?!?
> >
> >
> >
> >ok .. i have been lookin thru my security logs for my router and i keep
> >seeing this line:
> >
> >3|Dec 26 01 |From:192.168.0. To:224.0.1.24|attack |block
> >| 06:15:32 |UDP src port:00042 dest port:00042 |ip spoofing |
> >
> >when i dns this ip address i see its: 224.0.1.24 is MICROSOFT-DS.MCAST.NET
> >(224.0.1.24)
> >
> >.. its a constant thing and im trying to figure out what is transmitting to
> >mcast. i run ps -aux | grep mcast .. but i dont see a mcast thats there ..
> >even when i do a netstat .. i dont see it. what is this .. its like almost
> >hour on the hour .. every day .. and i dont know where in my box its
> >originating, can someone help. p.s. i strive on how secure my boxen is...
> >but this thing although its blocced is really annoying me since i cant
> >figure out where it originates... after the wu-ftp thing and a couple of my
> >friends being arrested for "computer" crimes recently ... i need to figure
> >out what it is.... anywayz .. thanx in advance
> >p.s. im kinda buzzin from the E&J .. so excuse me if it gets confusing.. if
> >you need more info.. you can email me here or at rootnscape@netscape.net
> >
> >------My other computer is you win box-------
> > LiNuX or Fbsd?!? FeLoNiouS_MoNK
> >
> >
> >
> >
> >
> >
> >
> >
>
>
>
>

• Next message: Greg Jetter: "New issue of Frozen-north out today"
• Previous message: Neil Moomey: "Re: OT: HTML help"
• In reply to: FeLoNiouS_MoNK: "Re: mcast.net"
• Reply: Jim Gribbin: "Re: mcast.net"
• Reply: Jim Gribbin: "Re: mcast.net"

This archive was generated by hypermail 2a23 : Mon Dec 31 2001 - 09:56:02 AKST