DNS? What DNS?

This has never happened before and in light of this morning's news 
about the DDOS I was wondering if it is just my machine or if something 
else is going on.

Background:
A firewall on one of my machines blocked IE from getting to the net.  I 
wanted to trace where it was planning to go to (207.188.24.150) to figure 
out if this was just XP again or something else.

I tried Neo Trace and PC Helps "Net Tracer"  but neither can track it. 
All I get is "undetermined" or "timed out".

Robin
0
Robin
10/23/2002 9:29:00 PM
grc.security

In article <3DB714A2.7050902@twcny.rr.com>, omerus@twcny.rr.com says...
> This has never happened before and in light of this morning's news 
> about the DDOS I was wondering if it is just my machine or if something 
> else is going on.
> 
> Background:
> A firewall on one of my machines blocked IE from getting to the net.  I 
> wanted to trace where it was planning to go to (207.188.24.150) to figure 
> out if this was just XP again or something else.

$ whois 207.188.24.150

OrgName:    RealNetworks, Inc.
OrgID:      REAL

NetRange:   207.188.0.0 - 207.188.31.255

Since you can't traceroute to it, I would assume they are blocking icmp.
Not too unusual.
-- 
Bloated Elvis
0
bloated
10/23/2002 9:36:00 PM
"Robin" <omerus@twcny.rr.com> wrote in message
news:3DB714A2.7050902@twcny.rr.com...
> wanted to trace where it was planning to go to (207.188.24.150) to
> figure

Hi Robin,

in case this helps, IP lookup below.

HiMan

http://packetderm.cotse.com/cgi-bin/lookuptools

Hostname: No Reverse DNS Entries
IP Address: 207.188.24.150
Decimal Address: 3485210774
---------------------------Whois Results---------------------------


---------------------------Arin Results---------------------------


OrgName:    RealNetworks, Inc.
OrgID:      REAL

NetRange:   207.188.0.0 - 207.188.31.255
CIDR:       207.188.0.0/19
NetName:    PROGNET-REAL
NetHandle:  NET-207-188-0-0-1
Parent:     NET-207-0-0-0-0
NetType:    Direct Allocation
NameServer: BENNY.PROGNET.COM
NameServer: RUGBUG.PROGNET.COM
Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate:    1999-02-22
Updated:    2001-06-20

TechHandle: IR57-ARIN
TechName:   RealNetworks, Inc.
TechPhone:  +1-206-892-6737
TechEmail:  net-admin@real.com
0
HiMan
10/23/2002 9:40:00 PM
Thanks for that. I'll save the link.
Why neither program found that will remain a mystery.

Robin
0
Robin
10/23/2002 10:14:00 PM
"Robin" <omerus@twcny.rr.com> wrote in message
news:3DB71F34.5090706@twcny.rr.com...

Hi Robin,

> Thanks for that. I'll save the link.

You are welcome.

> Why neither program found that will remain a mystery.

Most likely, as bloated elvis said "I would assume they are blocking
icmp".

HiMan
0
HiMan
10/24/2002 1:16:00 AM

HiMan wrote:

> Most likely, as bloated elvis said "I would assume they are blocking
> icmp".

:-D  "Incoming message Packets" right?  I'm a bit slow.
(I'll get the hang of this yet) Thanks Elvis.
Robin
0
Robin
10/24/2002 10:34:00 AM
Robin <omerus@twcny.rr.com> wrote:
> HiMan wrote:
>
>> Most likely, as bloated elvis said "I would assume they are blocking
>> icmp".
>
> :-D  "Incoming message Packets" right?  I'm a bit slow.
> (I'll get the hang of this yet) Thanks Elvis.
> Robin

http://www.iana.org/assignments/icmp-parameters

-- 
Robert
List of Lists - http://lists.gpick.com/
Eric Howe's Privacy and Security Site -
http://www.staff.uiuc.edu/~ehowes/main-nf.htm
0
Robert
10/24/2002 1:33:00 PM
"bloated elvis" <thel8elvis@hotmail.com > wrote:

> $ whois 207.188.24.150
> Since you can't traceroute to it, I would assume they are blocking icmp.



08:09:14 PDT (-0700)  Thu Oct 24, 2002  from davespeed.com server in Fremont, CA
 1. router (66.40.240.1)  0.199 ms
 2. 209.25.128.70 (209.25.128.70)  0.876 ms
 3. 66.40.24.69 (66.40.24.69)  0.451 ms
 4. 209.25.214.182 (209.25.214.182)  0.843 ms
 5. paix.eli.net (198.32.176.27)  1.342 ms
 6. p7-0.cr01.sntd.eli.net (207.173.114.137)  1.345 ms
 7. p9-0.cr02.rcrd.eli.net (207.173.114.58)  5.124 ms
 8. srp3-0.cr01.rcrd.eli.net (208.186.20.241)  5.084 ms
 9. p9-0.cr02.ptld.eli.net (207.173.115.41)  19.209 ms
10. srp3-0.cr02.tkwl.eli.net (208.186.21.4)  23.761 ms
11. srp0-0-0.gw01.sttl.eli.net (208.186.20.37)  24.312 ms
12. gw2-cust-REAL-COM.sttl.eli.net (216.190.160.6)  23.372 ms
13. 207.188.25.81 (207.188.25.81)  22.583 ms
14. 207.188.24.150 (207.188.24.150)  24.617 ms

Trace complete.
------------------------------------------------------
Joe
0
Joe
10/24/2002 3:16:00 PM
In article <ap92rd$26a0$1@news.grc.com>, i386@usa.net says...
> "bloated elvis" <thel8elvis@hotmail.com > wrote:
> 
> > $ whois 207.188.24.150
> > Since you can't traceroute to it, I would assume they are blocking icmp.

Windows-based traceroute uses ICMP:
C:\>tracert -d 207.188.24.150

Tracing route to 207.188.24.150 over a maximum of 30 hop

  1    11 ms   <10 ms    10 ms  208.48.31.254
  2   <10 ms    10 ms    10 ms  64.213.176.85
  3   <10 ms    10 ms    10 ms  206.132.113.133
  4    30 ms    30 ms    10 ms  64.215.195.13
  5    10 ms   <10 ms    10 ms  208.51.6.34
  6   <10 ms    10 ms    10 ms  129.250.5.20
  7    10 ms    10 ms   <10 ms  129.250.2.74
  8    10 ms    10 ms    20 ms  129.250.5.15
  9    30 ms    30 ms    30 ms  129.250.5.102
 10    30 ms    30 ms    30 ms  129.250.5.70
 11    30 ms    30 ms    30 ms  129.250.5.76
 12    80 ms    90 ms    80 ms  129.250.2.6
 13   550 ms   471 ms   421 ms  129.250.31.145
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.

*nix based with UDP:

gilligan:~# traceroute -n 207.188.24.150
traceroute to 207.188.24.150 (207.188.24.150), 30 hops max, 38
 1  208.48.31.254  6.087 ms  3.263 ms  11.516 ms
 2  64.213.176.85  41.037 ms  9.058 ms  4.612 ms
 3  206.132.113.133  10.296 ms  11.332 ms  -7.354 ms
 4  64.215.195.13  18.211 ms  -16.848 ms  15.512 ms
 5  208.51.6.34  -0.979 ms  14.562 ms  -9.396 ms
 6  129.250.5.20  17.887 ms  -7.625 ms  18.763 ms
 7  129.250.2.74  1.093 ms  9.822 ms  10.025 ms
 8  129.250.5.15  9.822 ms  10.889 ms  10.204 ms
 9  129.250.5.102  18.714 ms  29.934 ms  29.874 ms
10  129.250.5.70  29.966 ms  29.852 ms  19.929 ms
11  129.250.5.76  29.961 ms  29.860 ms  29.952 ms
12  129.250.2.6  79.573 ms  89.844 ms  79.928 ms
13  129.250.31.145  79.890 ms  90.087 ms  79.782 ms
14  204.202.108.42  89.885 ms  79.880 ms  79.963 ms
15  207.188.24.150  89.935 ms  79.909 ms  79.930 ms


As I said, they are probably blocking ICMP, which is why *he* couldn't 
traceroute to it.

-- 
Bloated Elvis
0
bloated
10/24/2002 3:40:00 PM
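
Added example (not part of the original thread): a small Python comparison of the two traces in the post above, showing how to read "ICMP probes die, UDP probes arrive" as protocol filtering rather than a dead host. The trace excerpts are the final hops copied from the post; the function names are assumptions of this example.

```python
import re

# Final hops excerpted from the two traces in the post above.
ICMP_TRACE = """\
 12    80 ms    90 ms    80 ms  129.250.2.6
 13   550 ms   471 ms   421 ms  129.250.31.145
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
"""
UDP_TRACE = """\
12  129.250.2.6  79.573 ms  89.844 ms  79.928 ms
13  129.250.31.145  79.890 ms  90.087 ms  79.782 ms
14  204.202.108.42  89.885 ms  79.880 ms  79.963 ms
15  207.188.24.150  89.935 ms  79.909 ms  79.930 ms
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_hops(text):
    """Map hop number -> responder IP, or None when every probe timed out."""
    hops = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        if not m:
            continue  # header or blank line
        ip = IPV4.search(m.group(2))
        hops[int(m.group(1))] = ip.group(0) if ip else None
    return hops

def compare(icmp_text, udp_text, target):
    """Summarise where the ICMP-probe trace and the UDP-probe trace diverge."""
    icmp, udp = parse_hops(icmp_text), parse_hops(udp_text)
    return {
        "udp_reached_target": target in udp.values(),
        "icmp_reached_target": target in icmp.values(),
        "last_icmp_reply": max((h for h, ip in icmp.items() if ip), default=None),
        # hops that answered UDP probes but stayed silent for ICMP probes
        "silent_to_icmp_only": sorted(h for h, ip in icmp.items()
                                      if ip is None and udp.get(h)),
    }

def verdict(r):
    if r["udp_reached_target"] and not r["icmp_reached_target"]:
        return "host up; ICMP echo probes dropped past hop %s" % r["last_icmp_reply"]
    if r["icmp_reached_target"]:
        return "target reachable with ICMP probes"
    return "target not reached by either probe type"
```

Both traces must be taken from the same vantage point for the hop-by-hop comparison to mean anything, as they were in the post.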
I learned something new.  Thanks for not laughing !
Robin
0
Robin
10/24/2002 8:14:00 PM