No, you are correct, I wasnt :/ Kismet would have been a good idea..it just happened so fast I was goingwith the first thoughts in my mind.
Whoever it was must have been very disappointed..nothing on my box anyone would want as I just formatted it for bt. One possibility is someone with a tmobile phone using a debian chroot was nearby, as they happen to share the same ip...I need to recheck the packet headers > On May 28, 2011 2:10 PM, "coderman" <[email protected]> wrote: > > On Sat, May 28, 2011 at 6:13 AM, t0hitsugu <[email protected]> wrote: > >>... > >> I noticed my connection had suddenly slowed to a crawl and did a scan on > >> myself (running bt5 gnome 32) and was quite surprised to see I had around 18 > >> open ports, most of them connected to a server with the ip of > >> 26.195.181.202. Curious, I did a GET on one of them 33644 and saw the r57 > >> spider pop up. I tried to ncat a couple more in hopes of getting a bind to > >> trace but they all closed shortly after. > >> > >> According to wireshark, nmap and whois they werent being spoofed. The server > >> also happens to be registered to the DoD...lol. > >> > >> Has anyone ever encountered something like this before? Seems a lot of > >> trouble youd be risking borrowing the address of a military/gov domain. > > > > > > how do you know they weren't being spoofed? a local attacker on > > wireless can pretend to be any endpoint in your path. > > > > bet you weren't watching arp tables. (static arp; an oldie but goodie...) > > > > wpa2 is a fig leaf, and wifi carries far beyond the walls of your > > coffee shop. you need kismet not wireshark for these situations.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
