On Tue, Aug 03, 2004 at 05:23:16PM -0500, Frank Knobbe brazenly wrote: > hmm... I think it's a bit early to say that. After all, why doesn't it > contact other systems? Why would it have to recheck in the first place? > And why would it use a) a valid DNS query, b) and obscure, non-standard > SYN packet, and c) a DNS query *specifically* including the "pinged" > hosts' IP address in reverse notation? I strongly doubt that the F5 > engineers through *that* would be a good way to see if a host is still > alive.
BigIP does some weird things, I wouldn't put it past them in their idea of making things more efficient for users (and, conversely, more of a hassle for admins/infosec). > Even if, what would the BigIP gain from it? Nuttin' (as we say here in > TN :) This was originally brought up when people through windowsupdate was attacking them or hacked. http://slashdot.org/articles/03/08/15/1730200.shtml?tid=109&tid=126&tid=172&tid=187 http://lists.sans.org/pipermail/list/2002-January/034249.html This stuff SOUNDS similar in weird-oddity-nature. -- When little kids ask where rain comes from, I think a cute thing to tell him is "God is crying." And if he asks why God is crying, another cute things to tell him is "Probably because of something you did." - Jack Handy _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
