Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Facebook pings my pfsense

    Firewalling
    2
    6
    1584
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      galaxy60 last edited by

      A quick question has anyone else noticed when facebook is accessed your WAN IP address gets pinged and you get DNS queries.  At first I thought it was just someone doing random pings but when I done a reverse lookup the IP addresses are from Facebook.

      66.220.151.110
      69.63.189.228
      69.171.228.230

      Please see the attached screen shot from the firewall logs, question is this normal I haven't tried it via a web browser we are bothing using the iPhone App.


      1 Reply Last reply Reply Quote 0
      • G
        galaxy60 last edited by

        I can now confirm this only happens via the iPhone App and not using a web browser, still a bit unsure why they would do this?

        1 Reply Last reply Reply Quote 0
        • C
          cmb last edited by

          Odd, not sure why they would do that. May be an anti-abuse measure of some sort, though I can't imagine what exactly that would accomplish.

          1 Reply Last reply Reply Quote 0
          • G
            galaxy60 last edited by

            I have just checked with a blackberry and that doesnt have the same issues only the two iPhones which both get ICMP and DNS queries back to the firewall.

            1 Reply Last reply Reply Quote 0
            • C
              cmb last edited by

              Does it for me too. Can't seem to find any explanation, but I suspect my guess of some kind of abuse prevention/detection measure is accurate.

              1 Reply Last reply Reply Quote 0
              • C
                cmb last edited by

                Digging a little closer, got a packet capture of the DNS request they're sending. It's just a NS root query, which is used at times in DNS amplification DDoS attacks (when hosts actually respond). So my guess is they're checking if the host is likely to be one that's taking part in a DDoS attack because it's configured poorly answering to the world. What relation that has to the iPhone app and apparently nothing else, I don't know.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post