Reverse lookup Firwall Hits

Archived from groups: comp.security.firewalls (More info?)

Greatly appreciate if anyone could help me understand these firewall
log entries.

I don't understand why they are being routed to my network as the
addresses (numerous log entries) do not represent my external or
internal address space.

We are getting hit with reverse look-ups of valid domains by a select
group of servers which seem to specifying the IANA or other corporate
nameservers. WebAir seems to be a major player.

Log snippets

Asked about DomainName for 230.77.42.69.in-addr.arpa. -- server
216.130.161.1 sent (230.77.42.69.in-addr.arpa. NS 69.42.77.8.) -
Nameserver name is invalid

Asked about Address for tsi.jccbi.gov. -- server 204.108.10.2 sent
(jccbi.gov. NS 204.108.10.2.) - Nameserver name is invalid


I feel like I am on someones recursion list or targeted as a dns ns
source.

Thanks for any insight.

Jeff
1 answer Last reply
More about reverse lookup firwall hits
  1. Archived from groups: comp.security.firewalls (More info?)

    On 10 Jun 2004 09:02:50 -0700, jmclaughlin@springsgov.com
    (mclaughlinj) wrote:

    >Greatly appreciate if anyone could help me understand these firewall
    >log entries.
    >
    >I don't understand why they are being routed to my network as the
    >addresses (numerous log entries) do not represent my external or
    >internal address space.
    >
    >We are getting hit with reverse look-ups of valid domains by a select
    >group of servers which seem to specifying the IANA or other corporate
    >nameservers. WebAir seems to be a major player.
    >
    >Log snippets
    >
    >Asked about DomainName for 230.77.42.69.in-addr.arpa. -- server
    >216.130.161.1 sent (230.77.42.69.in-addr.arpa. NS 69.42.77.8.) -
    >Nameserver name is invalid
    >
    >Asked about Address for tsi.jccbi.gov. -- server 204.108.10.2 sent
    >(jccbi.gov. NS 204.108.10.2.) - Nameserver name is invalid
    >
    >
    >I feel like I am on someones recursion list or targeted as a dns ns
    >source.
    >
    >Thanks for any insight.
    >
    >Jeff

    Jeff, I saw your post after I posted my description of a similar
    experience.

    My post is seven headers down at 6/10/04 11:29 pm

    Stan Hilliard
Ask a new question

Read More

Firewalls Networking