IPs in the facebook.com domain accessing OpenBSD firewall
Hi,

This traffic is blocked on the external interface of the firewall.

May 17 11:34:56.013614 rule 7/(match) block in on em1: 66.220.151.124.47369 xxx.yyy.ddd.zzz.53: 58106 NS? . (19)
May 17 11:34:56.763086 rule 7/(match) block in on em1: 66.220.151.124.47369 xxx.yyy.ddd.zzz.53: 58107 NS? . (19)
May 17 11:34:57.513318 rule 7/(match) block in on em1: 66.220.151.124.47369 xxx.yyy.ddd.zzz.53: 58108 NS? . (19)
May 17 11:45:37.720155 rule 7/(match) block in on em1: 69.171.243.241 xxx.yyy.ddd.zzz: icmp: echo request
May 17 11:45:39.213492 rule 7/(match) block in on em1: 69.171.243.241.52370 xxx.yyy.ddd.zzz.53: 33246 NS? . (19)
May 17 11:49:39.746886 rule 7/(match) block in on em1: 69.171.228.232 xxx.yyy.ddd.zzz: icmp: echo request
May 17 11:49:41.242588 rule 7/(match) block in on em1: 69.171.228.232.59470 xxx.yyy.ddd.zzz.53: 33554 NS? . (19)

xxx.yyy.ddd.zzz is our firewall IP.

66.220.151.124, 69.171.243.241, 69.171.228.232 are IPs from the facebook.com domain, as ip2location reports.

Why should facebook servers access my firewall? They ping my firewall and try to use our internal DNS server, which is not mentioned in any public NS record?

I wonder if these machines in the facebook.com domain are infected with some malware bots? Or is it part of their security checks or something?

Anybody any idea?

Thanks

Siju
Re: IPs in the facebook.com domain accessing OpenBSD firewall
Most likely someone posted a link to a resource in your domain, and your DNS appears to be authoritative for that zone. Sounds quite realistic. There on facebook might be some kind of parser trying to retrieve a preview for the link or something similar...

Anyway, have a look at the DNS server's logs - what exactly do they want from you? =)

.. or Zuckerberg must become bored to death =)

17.05.2012 15:50, Siju George wrote:
> Why should facebook servers access my firewall?

--
Best regards,
Pavel Shvagirev
skype: pavel.shvagirev
Re: IPs in the facebook.com domain accessing OpenBSD firewall
> I wonder if these machines in the facebook.com domain are infected with some malware bots?

Facebook *is* a malware bot:)

Let the request through and log what it tries to do next, this could be quite a story.

--
p
Re: IPs in the facebook.com domain accessing OpenBSD firewall
Didn't take into account that you do not publish the DNS. That fact makes my assumption wrong.

Really, go and log the requests! =)

17.05.2012 15:50, Siju George wrote:
> This traffic is blocked on the external interface of the firewall.

--
Best regards,
Pavel Shvagirev
skype: pavel.shvagirev
Re: IPs in the facebook.com domain accessing OpenBSD firewall
http://meetings.ripe.net/ripe-52/presentations/ripe52-plenary-dnsamp.pdf
Re: IPs in the facebook.com domain accessing OpenBSD firewall
On Thu, May 17, 2012 at 7:31 PM, Jonathan Gray j...@jsg.id.au wrote:
> http://meetings.ripe.net/ripe-52/presentations/ripe52-plenary-dnsamp.pdf

Thank you so much :-)

Siju
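
An added example, not written by any poster in this thread: the linked presentation covers DNS amplification, where the source address on a query is not necessarily the real sender. The Python below groups the blocked root-zone NS queries from the first post by claimed source and checks whether source port and query ID behave like a resolver or like a script; the function name `root_query_report` and the "scripted" heuristic are assumptions of this example.

```python
import re
from collections import defaultdict

# Log lines from the first post; xxx.yyy.ddd.zzz is the poster's own placeholder.
SAMPLE_LOG = """\
May 17 11:34:56.013614 rule 7/(match) block in on em1: 66.220.151.124.47369 xxx.yyy.ddd.zzz.53: 58106 NS? . (19)
May 17 11:34:56.763086 rule 7/(match) block in on em1: 66.220.151.124.47369 xxx.yyy.ddd.zzz.53: 58107 NS? . (19)
May 17 11:34:57.513318 rule 7/(match) block in on em1: 66.220.151.124.47369 xxx.yyy.ddd.zzz.53: 58108 NS? . (19)
May 17 11:45:37.720155 rule 7/(match) block in on em1: 69.171.243.241 xxx.yyy.ddd.zzz: icmp: echo request
May 17 11:45:39.213492 rule 7/(match) block in on em1: 69.171.243.241.52370 xxx.yyy.ddd.zzz.53: 33246 NS? . (19)
May 17 11:49:39.746886 rule 7/(match) block in on em1: 69.171.228.232 xxx.yyy.ddd.zzz: icmp: echo request
May 17 11:49:41.242588 rule 7/(match) block in on em1: 69.171.228.232.59470 xxx.yyy.ddd.zzz.53: 33554 NS? . (19)
"""

# src.sport [>] dst.53: id[flags] QTYPE? qname (len)
# The ">" is optional because the lines as posted do not contain it.
QUERY_RE = re.compile(
    r"block in on \w+: (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) (?:> )?\S+\.53: "
    r"(?P<qid>\d+)\S*(?: \[\w+\])? (?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+) \((?P<len>\d+)\)"
)

def root_query_report(log_text):
    """Group blocked root-zone NS/ANY queries by claimed source address."""
    seen = defaultdict(lambda: {"ports": set(), "ids": []})
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or m["qname"] != "." or m["qtype"] not in ("NS", "ANY"):
            continue  # ICMP lines and ordinary lookups are out of scope here
        seen[m["src"]]["ports"].add(int(m["sport"]))
        seen[m["src"]]["ids"].append(int(m["qid"]))
    report = {}
    for src, d in seen.items():
        ids = d["ids"]
        # A resolver randomises source port and query ID per query; one fixed
        # port with IDs counting up by one points at a scripted sender.
        scripted = (len(ids) > 1 and len(d["ports"]) == 1
                    and all(b - a == 1 for a, b in zip(ids, ids[1:])))
        report[src] = {"queries": len(ids), "ports": sorted(d["ports"]),
                       "scripted": scripted}
    return report

if __name__ == "__main__":
    for src, row in root_query_report(SAMPLE_LOG).items():
        print(src, row)
```
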