25 Jul
2018
25 Jul
'18
11:44 p.m.
On Tue, 24 Jul 2018, Michael Grant wrote:
However, it would definitely save me a step in figuring out where someone was logged in from to know if it?s legit.
Or not. The IP address being logged is reliable, the PTR lookup is in the hands of that zone's DNS operators, who could spoof any FQDN they want. If you're concentrating on one/few case(s), it's worth deep diving. If you're analyzing an entire log file, use a script.
Joseph Tam jtam.home@gmail.com