I seriously doubt that is a CIA round robin DNS address of the CIA. Looks like you
just had a redirect from his(or her) web server, which pointed you to the cia. Simple
as that. Report the scan to speakeasy.net
C:\Documents and Settings\Administrator>nslookup www.cia.gov
Server: ns2.guarded.net
Address: 64.221.103.38
Non-authoritative answer:
Name: www.odci.gov
Address: 198.81.129.100
Aliases: www.cia.gov
C:\Documents and Settings\Administrator>
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wed 1/30/2002 10:41 AM
To: [EMAIL PROTECTED]
Cc:
Subject: what's the real address?
Hello,
I received a medium sized ftp scan from address 64.81.213.144 to my
subnet. Doing a traceroute resolved the IP to
dsl081-213-144.nyc2.dsl.speakeasy.net. A quick nmap scan showed port 80 to
be open.. But when I typed the IP into my browser, I was taken immediately
to www.cia.gov. Performing a tracert from a win machine brought up the
same speakeasy.net host. But using NeoTrace (graphical win trace route
tool) that IP resolved to www.odci.gov, which takes you to the cia.gov web
page.. What gives?
Cavell McDermott
Domino Admin
APW Ltd. - Texas Campus
214-343-1400 - Main
214-355-2022 - Direct
214-341-9950 - Fax
http://www.apw.com
