RE: [Full-Disclosure] Strange ldap Behavior.

["Soderland, Craig" <craig.soderland@xxxxxxx>]

Understood, but why would this system be trying to make a connection there? I 
has no reason to be connecting and we just noticed it which raised a few 
questions. 



----------------------------------------------------
This mailbox protected from junk email by MailFrontier Desktop
from MailFrontier, Inc. http://info.mailfrontier.com

> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx [mailto:full-disclosure-
> admin@xxxxxxxxxxxxxxxx] On Behalf Of Simon Hailstone
> Sent: Tuesday, May 18, 2004 10:39 AM
> To: full-disclosure@xxxxxxxxxxxxxxxx
> Cc: Soderland, Craig
> Subject: RE: [Full-Disclosure] Strange ldap Behavior.
> 
> 
> >Guys,
> >
> > I did a snoop from our tech sandbox (xxxxxx) to port 389 using
> > the following command: 'snoop -v port 389' (without the quotes).
> > The attached file shows a segment of the results. Notice the line:
> >
> >      ETHER:  Destination = 0:0:5e:0:1:1, U.S. Department of Defense
> > (IANA)
> >
> > Why should a connection be made to US Dept. of Defense? Any Ideas?
> 
> 
> Hi Craig,
> 
> Ethernet OUI's are maintained by the IEEE, rather than IANA :
> 
> http://standards.ieee.org/regauth/oui/oui.txt
> 
> 0:0:5E is registered to :
> 
> 00-00-5E   (hex)              USC INFORMATION SCIENCES INST
> 00005E     (base 16)          USC INFORMATION SCIENCES INST
>                               INTERNET ASS'NED NOS.AUTHORITY
>                               4676 ADMIRALTY WAY
>                               MARINA DEL REY CA 90292-6695
> 
> Best Regards,
> Simon Hailstone
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html