Firewall Log: DoS Attack Blocked...from NASA?

SoCo_and_Lime

Just checked my firewall log on my router, showing a bunch of blocked DoS attacks. After running an IP lookup on several of the entries, mostly just random shit, one came back to something interesting:

NASA?

I've probably been to this site, or something off of it, VIA Stumble at some point.

I have a very vague understanding of this shit but could use some actual insight/advice/etc. Does any of this seem strange or mean anything?

TechBoy

It's really easy to spoof IP headers and in the case of DoS attacks it's pretty much standard practice to make the attacks look like they're coming from all sort of random places.

It's either completely random that NASA's ip was one of the sources, or whomever is DoSing you decided to spoof with real, legitimate websites.

SoCo_and_Lime

TechBoy wrote: »

It's really easy to spoof IP headers and in the case of DoS attacks it's pretty much standard practice to make the attacks look like they're coming from all sort of random places.

It's either completely random that NASA's ip was one of the sources, or whomever is DoSing you decided to spoof with real, legitimate websites.

Yeah that's about what I figured

DirtyDirtyVagrant

I'm not really up on my network security yet. Can you get a mac address?

MKR

DirtyDirtyVagrant wrote: »

I'm not really up on my network security yet. Can you get a mac address?

MAC addresses are pretty much node to ISP (or within the same local network) and don't go out over the interwebs.

And it's also possible that NASA either has a compromised system or someone was doing a very poorly thought out experiment. You might want to e-mail them and ask.

embrik

MKR wrote: »

DirtyDirtyVagrant wrote: »

I'm not really up on my network security yet. Can you get a mac address?

MAC addresses are pretty much node to ISP (or within the same local network) and don't go out over the interwebs.

And it's also possible that NASA either has a compromised system or someone was doing a very poorly thought out experiment. You might want to e-mail them and ask.

Yeah, MAC addresses are not routeable. They're layer 2 addressing, used on the same network segment.

MKR

I forgot pretty much all of the OSI model when I finished school. Perhaps I should rectify that.

underdonk

MKR wrote: »

I forgot pretty much all of the OSI model when I finished school. Perhaps I should rectify that.

http://en.wikipedia.org/wiki/OSI_model

Probably spoofed, but it would be considered polite and appropriate to report it to them.

midgetspy

It's entirely possible that a NASA box is rooted and operating as a bot for somebody - NASA isn't some special computer fortress or anything (especially their public computers like that web server). I've seen many bots running off NASA shells on IRC over the years, so I'd definitely email them and let them know exactly what you received and when from that IP.

underdonk

midgetspy wrote: »

It's entirely possible that a NASA box is rooted and operating as a bot for somebody - NASA isn't some special computer fortress or anything (especially their public computers like that web server). I've seen many bots running off NASA shells on IRC over the years, so I'd definitely email them and let them know exactly what you received and when from that IP.

This is true.

We actually saw traffic from them (and the Army) during the early hours of the Nimda outbreak.

Dog

They're on to you.

You need to move the specimen to a more secure location.

Zampanov

robothero wrote: »

They're on to you.

You need to move the specimen to a more secure location.

Dude. Dude.

Ixnay on the ecimenspay.