Facebook pings my pfsense



  • A quick question has anyone else noticed when facebook is accessed your WAN IP address gets pinged and you get DNS queries.  At first I thought it was just someone doing random pings but when I done a reverse lookup the IP addresses are from Facebook.

    66.220.151.110
    69.63.189.228
    69.171.228.230

    Please see the attached screen shot from the firewall logs, question is this normal I haven't tried it via a web browser we are bothing using the iPhone App.




  • I can now confirm this only happens via the iPhone App and not using a web browser, still a bit unsure why they would do this?



  • Odd, not sure why they would do that. May be an anti-abuse measure of some sort, though I can't imagine what exactly that would accomplish.



  • I have just checked with a blackberry and that doesnt have the same issues only the two iPhones which both get ICMP and DNS queries back to the firewall.



  • Does it for me too. Can't seem to find any explanation, but I suspect my guess of some kind of abuse prevention/detection measure is accurate.



  • Digging a little closer, got a packet capture of the DNS request they're sending. It's just a NS root query, which is used at times in DNS amplification DDoS attacks (when hosts actually respond). So my guess is they're checking if the host is likely to be one that's taking part in a DDoS attack because it's configured poorly answering to the world. What relation that has to the iPhone app and apparently nothing else, I don't know.


Locked