[TriLUG] OT: DNS reverse lookups
21 May 2002 20:56:51 -0400
On Mon, 2002-05-20 at 10:38, Sinner from the Prairy wrote:
> http access to ftp is different than ftp access. By definition, uses a
> different protocol. IIRC, the webserver is the ip address that does the
> ftp call, presenting you the results. So, in theory, you can get "ftp"
> access even if your host and IP resolve differently. The http server
> does not require to get a proper reverse dns on you.
Interesting, I didn't realize http access to ftp was any different. I
had always assumed they were seen as the same by the server. Good thing
to keep in mind if we have DNS problems in the future.
> > Is it common practice for a firewall's rules to be configured in
> > such a way that traffic which fails reverse lookup would be
> > considered 'suspicious' (i.e. a DoS attack) and the firewall would
> > subsequently block all traffic originating from that IP address?
> It is possible. It can be mistaken as an attack (petitions by an
> unknown, potentially "rogue" IP), so some portsentry / prelude type of
> system can effectively put your IP in a temporary black hole.
We got the problem resolved today. It turned out that our ISP didn't
have our TLD in DNS. This caused our requests (which failed reverse DNS
lookup) to be blocked by the site I was trying to access. The site
admin was kind enough to un-block us once we explained the situation.
Thanks for your help on this and a special thanks for giving that
security talk at our Aug. 01 meeting. Recalling some of the things you
mentioned in your presentation was a great help in getting this