[TriLUG] OT: DNS reverse lookups

Sinner from the Prairy sinner at escomposlinux.org
Mon May 20 10:38:25 EDT 2002


On Monday 20 May 2002 04:4316pm, Geoff Purdy wrote:
> > > Do you think traffic from my IP address is being blocked by their
> > > firewall, or is there a better explanation I've overlooked?

> > I think that the configuration of those ftp servers contain
> > "!nameserved" string in the addrglob entry. That is, if your IP
> > address cannot be resolved to your hostname, you are not allowed to
> > use the service.

> Thanks for the clarification.  I may have phrased my original post
> poorly by intermingling two largely separate issues.  I'll try to
> re-state it more clearly.

> Given the following:
> 1)  I've had frequent problems with reverse lookups failing with our
>     ISP
> 2)  Prior to attempting to access the FTP service on this
>     particular server, I was able to access their HTTP server without
>     any problems.
> 3)  Subsequent to attempting to access the FTP service, all
>     traffic (FTP, HTTP, ping) receives no response at all.
> 4)  All of these services are accessible from other hosts (i.e.
>     fatalpha.trilug.org)

http access to ftp is different than ftp access. By definition, it uses a 
different protocol. IIRC, the webserver is the ip address that does the 
ftp call, presenting you the results. So, in theory, you can get "ftp" 
access even if your host and IP resolve differently. The http server 
does not need to get a proper reverse dns on you.

Other hosts (fatalpha) resolve properly, so they are accessible.

> Is it common practice for a firewall's rules to be configured to in
> such a way that traffic which fails reverse lookup would be
> considered 'suspicious' (i.e. a DoS attack) and the firewall would
> subsequently block all traffic originating from that IP address?

It is possible. It can be mistaken as an attack (petitions by an 
unknown, potentially "rogue" IP), so some portsentry / prelude type of 
system can effectively put your IP in a temporary black hole.

> As a separate issue, has anyone else had reverse lookups fail with
> Time Warner and, if so, can offer any tips on getting the issue
> resolved?

No idea. I use BellSouth.

> I'm sure I'll get this figured out with TW eventually, I was just
> wondering if these were common problems.  Thanks in advance for any
> suggestions.

Hope this helps.


Salut,
Sinner
-- 
http://www.ibiblio.org/sinner/     Linux User # 89976
Running on Mandrake 8.2 - Kernel  2.4.18-6mdk     Linux Machine # 38068
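
Added example, not part of the original message and not the FTP server's own code: a way to check how a client address looks to a service that refuses clients without working reverse DNS, as the "!nameserved" rule discussed above does. It goes one step beyond the thread by also confirming that the PTR name resolves back to the same address; the sample zone data, host names and function names are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample zone data (documentation address ranges, not real hosts).
SAMPLE_PTR = {"192.0.2.10": ["client.example.net"],
              "192.0.2.30": ["spoofed.example.net"]}
SAMPLE_A = {"client.example.net": ["192.0.2.10"],
            "spoofed.example.net": ["198.51.100.7"]}

def sample_reverse(ip):
    """Offline stand-in for a PTR lookup; raises OSError like socket does."""
    if ip not in SAMPLE_PTR:
        raise OSError("no PTR record")
    return SAMPLE_PTR[ip]

def sample_forward(name):
    """Offline stand-in for an A/AAAA lookup."""
    if name not in SAMPLE_A:
        raise OSError("name does not resolve")
    return SAMPLE_A[name]

def system_reverse(ip):
    """PTR lookup through the system resolver."""
    host, aliases, _ = socket.gethostbyaddr(ip)
    return [host] + aliases

def system_forward(name):
    """Forward lookup through the system resolver (IPv4 and IPv6)."""
    return [info[4][0] for info in socket.getaddrinfo(name, None)]

def check_client(ip, reverse=system_reverse, forward=system_forward):
    """Classify a client IP as 'no-ptr', 'mismatch' or 'ok', with the name."""
    want = ipaddress.ip_address(ip)
    try:
        names = reverse(ip)
    except OSError:        # socket.herror and gaierror are OSError subclasses
        names = []
    if not names:
        return ("no-ptr", None)      # the case a "!nameserved" rule rejects
    for name in names:
        try:
            addrs = forward(name)
        except OSError:
            continue                 # PTR points at a name that does not resolve
        if any(ipaddress.ip_address(a.split("%")[0]) == want for a in addrs):
            return ("ok", name)
    return ("mismatch", names[0])    # PTR exists but is not forward-confirmed

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(addr, check_client(addr, sample_reverse, sample_forward))
```

Calling check_client() with only an address uses the system resolver, so running it against your own public IP shows whether the ISP has published a usable PTR record.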
