Re: ISP and DNS port scanning!
On Tue, Nov 18, 2003 at 09:39:40PM -0600, Rthoreau wrote:
> > On Tue, Nov 18, 2003 at 10:50:02PM +0000, Antony Gelberg wrote:
>
> > >Looks like a ping (ICMP type 8). Where do you get port scanning from?
> > >FWIW, I think that blocking pings via a firewall isn't recommended, but
> > >not sure why.
>
> Jon wrote:
>
> > It does not provide any kind of security or protection what-so-ever,
> > whilst removing the proper way of other people / you from elsewhere
> > determining if your connection is working ok.
>
> --
> > Jon Dowland
> > http://jon.dowland.name/
>
> What you have all said still does not sync, when I look at the Notes provided
> in my log I can see what you mean it is a type 8 icmp code 0. Or whatever you
> say that means, but the destination is another DNS server.
>
> This is a line taken from my my log again.
> 11/18/2003 14:53:24 Firewall default policy: ICMP (W to W/ZW, type:8,
> code:0) 66.61.104.72 66.61.118.206 ACCESS BLOCK 14
>
> Ok like I mentioned in my first post if I do a Arin Whois on address
> 66.61.104.72 it tells me it is a DNS block. When I do a Arin Whois on the
> destination 66.61.118.206 it is another DNS block, both happen to belong to
> my ISP but in different cities. My cable modem action light is almost always
> solid orange, which tells me I have a busy link even if I am not using the
> net.
>
> So why am I getting pinged by a DNS server? Why are all the destinations
> reported by my router log points to another DNS server?
You're confused. All the whois tells you is that that the IP address
belongs to an ISP. ISPs take large blocks of addresses to allocate to
their clients. Nowhere does it say that the pinging host is a DNS
server.
A
Reply to: