Reverse lookup Firwall Hits

• Previous message: kreiss: "Re: FW-1 and Sendmail"
• Next in thread: Stan Hilliard: "Re: Reverse lookup Firwall Hits"
• Reply: Stan Hilliard: "Re: Reverse lookup Firwall Hits"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 10 Jun 2004 09:02:50 -0700

Greatly appreciate if anyone could help me understand these firewall
log entries.

I don't understand why they are being routed to my network as the
addresses (numerous log entries) do not represent my external or
internal address space.

We are getting hit with reverse look-ups of valid domains by a select
group of servers which seem to specifying the IANA or other corporate
nameservers. WebAir seems to be a major player.

Log snippets

Asked about DomainName for 230.77.42.69.in-addr.arpa. -- server
216.130.161.1 sent (230.77.42.69.in-addr.arpa. NS 69.42.77.8.) -
Nameserver name is invalid

Asked about Address for tsi.jccbi.gov. -- server 204.108.10.2 sent
(jccbi.gov. NS 204.108.10.2.) - Nameserver name is invalid

I feel like I am on someones recursion list or targeted as a dns ns
source.

Thanks for any insight.

Jeff

• Previous message: kreiss: "Re: FW-1 and Sendmail"
• Next in thread: Stan Hilliard: "Re: Reverse lookup Firwall Hits"
• Reply: Stan Hilliard: "Re: Reverse lookup Firwall Hits"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]