> 1. Using the same src_IP:port# to dst_IP:port# (as earlier provided) it > is using DNS query to PTR 48.1.1.192.in-addr.arpa > > 2. Then our mail server replying to the same Source IP, using ICMP (0x01) > destination unreachable. Smells of a faulty DNS-setup, and of faulty routing. Some machine out there thinks you have the DNS for 1.1.192.in-addr.arpa, and is trying to resolve 48.1.1.192.in-addr.arpa through you. At least, that's a scenario I have seen a few times. This could be just a typo in an SOA or in the DNS-address specified on a specific computer. I addition, someone didn't get their routing right, 'cuz traffic to and from 242.x.x.x should not be routed to the Internet, AFAIK. Cheers, Anders :) ---------------------------------------------------------------------------- ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Jun 12 2003 - 10:38:38 PDT