At Fri Dec 26 22:31:27 2003, Gary Funck wrote: > > As far as 66.135.209.220 goes: > > # dig -x 220.209.135.66 +recursive
You're looking up the wrong IP address. If you reverse the octets, you must append ".in-addr.arpa" > Compare this to a legit IP (pointing to a machine named 'data') in ebay.com: > > # dig -x 66.135.195.180 +recursive You've got the IP address the right way round in this one. > Thus, it looks as if the spoofed ebay message originated at: > actkyo142066.adsl.ppp.infoweb.ne.jp nslookup of 66.135.209.220 returns: Name: mxsmfpool23.ebay.com Address: 66.135.209.220 nslookup of 220.209.135.66 returns: Name: actkyo142066.adsl.ppp.infoweb.ne.jp Address: 220.209.135.66 If you look up the correct IP, you see that it has an eBay address. Likewise, a whois lookup confirms eBay. [whois.arin.net] OrgName: eBay, Inc OrgID: EBAY Address: 2145 Hamilton Ave City: San Jose StateProv: CA PostalCode: 95008 Country: US NetRange: 66.135.192.0 - 66.135.223.255 CIDR: 66.135.192.0/19 .... Martin -- Martin Radford | "Only wimps use tape backup: _real_ [EMAIL PROTECTED] | men just upload their important stuff -o) Registered Linux user #9257 | on ftp and let the rest of the world /\\ - see http://counter.li.org | mirror it ;)" - Linus Torvalds _\_V ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
