IPs in the facebook.com domain accessing OpenSBD firewall

Siju George Thu, 17 May 2012 04:55:47 -0700

Hi,

This traffic is blocked on the external interface of the firewall.


May 17 11:34:56.013614 rule 7/(match) block in on em1:
66.220.151.124.47369 > xxx.yyy.ddd.zzz.53: 58106 NS? . (19)
May 17 11:34:56.763086 rule 7/(match) block in on em1:
66.220.151.124.47369 > xxx.yyy.ddd.zzz.53: 58107 NS? . (19)
May 17 11:34:57.513318 rule 7/(match) block in on em1:
66.220.151.124.47369 > xxx.yyy.ddd.zzz.53: 58108 NS? . (19)

May 17 11:45:37.720155 rule 7/(match) block in on em1: 69.171.243.241
> xxx.yyy.ddd.zzz: icmp: echo request
May 17 11:45:39.213492 rule 7/(match) block in on em1:
69.171.243.241.52370 > xxx.yyy.ddd.zzz.53: 33246 NS? . (19)

May 17 11:49:39.746886 rule 7/(match) block in on em1: 69.171.228.232
> xxx.yyy.ddd.zzz: icmp: echo request
May 17 11:49:41.242588 rule 7/(match) block in on em1:
69.171.228.232.59470 > xxx.yyy.ddd.zzz.53: 33554 NS? . (19)

xxx.yyy.ddd.zzz  is our firewall IP

66.220.151.124, 69.171.243.241, 69.171.228.232 are IPs from
facebook.com domain as ip2location reports.


Why should facebook servers access my firewall?
They ping my firewall and try to use our internal DNS server DNS
server which is not mentioned in any public NS record?
I wonder if these machines in the facebook.com domain are infected
with some malware bots?
Oris it part of their security checks or something? Any body any idea?

Thanks

Siju

IPs in the facebook.com domain accessing OpenSBD firewall

Reply via email to