Vanja Hrustic wrote:
>
> Small & silly problem.
>
> Intranet ==> DNS ==> Internet
>
> In this case, DNS is the machine that has assigned 'normal' IP address
> (visible/accessible from Internet), and is used to resolve Internet
> addresses for Intranet users.

Humm, does this host also have an NS record entry with the InterNIC or within your SOA? I ask because you say "is used to resolve Internet addresses". It is not clear if this means:

1) Only internal hosts use it for name resolution
2) Everyone (Internet) uses it for DNS resolution

> The question.
>
> Is there any reason why DNS server should accept connections at port 53
> (tcp or/and udp) from the 'outer' world? As much as I can understand, there
> is no need. But... I ask, just to make sure :)

If you are running under option #1 above *and* the system has no InterNIC or SOA NS record, then no, you should not need to accept connections to this machine. What you are probably seeing are the obnoxious reverse connections a number of sites like DoubleClick are using these days in order to zone in on your physical location. You may also see connection attempts to the TCP-Echo port of your name server.

Speaking of which, has anyone noticed what Altavista has been up to these days? If you have a DoubleClick cookie entry, try the following:

1) Go to http://www.altavista.com
2) Enter a search string
3) Sniff the outbound connection

What you will see is the local system creating a connection to http://ad.doubleclick.net/adi/altivista.digital.com/ in order to send the following string:

result_front;kw=all+search+words+you+entered;ord=nine_digit_ID_number

I still need to get my ducks lined up on this one, but I believe the "ord" number is your DoubleClick ID/Cookie number. If this is true, then Altavista is reporting to DoubleClick any searches you perform on their site. Scary stuff. I have not seen this with any other major search engine.
I'm also curious if anyone has seen this type of activity when they place an on-line order. The possibilities get really scary if you add personal information to the data that DoubleClick is already collecting. And to think we were worried about the government becoming "Big Brother". ;)

Just wondering if anyone else has played around with this stuff and can confirm or deny.

Cheers,
Chris
--
**************************************
[EMAIL PROTECTED]
* Multiprotocol Network Design & Troubleshooting
  http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
  http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
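The check described in the message above (sniff the outbound connection and look for the search words going to a third party) can be run over the request URLs from a capture. This is an added example, not part of the original post; the sample URLs, the helper names, and the assumption that the `result_front;kw=...;ord=...` string is appended to the ad URL's path are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote_plus

# Constructed sample of request URLs taken from a capture of one search.
SAMPLE_REQUESTS = [
    "http://www.altavista.com/cgi-bin/query?q=firewall+dns+port",
    "http://ad.doubleclick.net/adi/altivista.digital.com/"
    "result_front;kw=firewall+dns+port;ord=123456789",
    "http://images.example.net/banner.gif",
]


def parse_ad_request(url):
    """Return (host, base path, params) where params are the ';'-separated
    key=value pairs that follow the path, as in 'result_front;kw=...;ord=...'."""
    parts = urlsplit(url)
    segments = parts.path.split(";")
    params = {}
    for segment in segments[1:]:
        key, sep, value = segment.partition("=")
        if sep:
            params[key] = unquote_plus(value)  # '+' encodes a space
    return parts.hostname, segments[0], params


def find_search_leaks(first_party, query, urls):
    """List requests to hosts outside first_party whose 'kw' parameter
    carries every word of the search the user typed."""
    wanted = set(query.lower().split())
    leaks = []
    for url in urls:
        host, _path, params = parse_ad_request(url)
        if host is None or host == first_party or host.endswith("." + first_party):
            continue  # the search engine itself is expected to see the query
        sent = set(params.get("kw", "").lower().split())
        if wanted and wanted <= sent:
            leaks.append({"host": host, "kw": params["kw"], "ord": params.get("ord")})
    return leaks


if __name__ == "__main__":
    for leak in find_search_leaks("altavista.com", "firewall dns port", SAMPLE_REQUESTS):
        print(leak)
```

Comparing the `ord` value across several searches from the same browser, against the stored cookie, is what would confirm or rule out the identifier theory in the message.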
