Logic in list messages WAS: Re: Odd log messages from ISC BIND named
VirginSnow at vfemail.net
VirginSnow at vfemail.net
Wed Feb 4 10:38:35 EST 2009
> Date: Wed, 4 Feb 2009 09:44:28 -0500
> From: Thomas Charron <twaffle at gmail.com>
> Cc: gnhlug-discuss at mail.gnhlug.org
> your saying, but how you got there is an awfully rocky road. For
> instance, you logic is flawed when it comes to it being perfectly
> logical that it would move to a different host after 100 packets.
If you're looking through a printed dictionary for a three-letter
word, you don't have to search through the whole dictionary. You can
stop when you reach "act", then go on and do something else.
> If it where indeed attempting that, it wouldn't cycle IPs at 100.
> To get a full sweep it would have done 256 queries.
Twiddling bits in the destination address wouldn't direct 256 packets
at liberty, because liberty (presumably) only has one public IP
address. Packets in which the IP is *constant* (ie, that of liberty)
and bits are being twiddled in the *domain name* are the only packets
which would reach liberty. That's exactly what Ben observed.
Besides, even if IP octets were being scanned as you seem to suggest,
the network and broadcast addresses (0 and 255 in the last octet)
wouldn't be searched. So, even then, there would only be 254
requests.
You might consider examining your logic before accusing others of
being illogical. ;)
More information about the gnhlug-discuss
mailing list