Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
SuSE-Mailing list from an unregistered server?
  • From: Andreas Kisslinger <SuSE-Security@xxxxxxxxxx>
  • Date: Wed, 14 Feb 2001 11:16:28 +0100
  • Message-id: <3A8A5AFC.7D7BF192@xxxxxxxxxx>
Hello SuSE-Security,

I'm receiving several SuSE mail lists, but it's interesting, that an access
denied event for the destination 10.87.0.5 UDP:53 ist reported by our external
Cisco (I'm blocking all IANA reserved and private IP networks), near the time an
email from the SuSE-Security arrives.

I'm having warnings from Postfix (MTA) that host1.Dyna.Oak.SuSE.com can't be
verified.

It seems, that SuSE.com is using an private IP address for DNS communication to
the internet.

Here is a small nslookup result:
>>nslookup -type=NS Oak.SuSE.com
>Server: localhost
>Address: 127.0.0.1
>
>Non-authoritative answer:
>Oak.SuSE.com nameserver = ns.Oak.SuSE.com
>
>Authoritative answers can be found from:
>ns.Oak.SuSE.com internet address = 10.87.0.5

I think that's not really conform to the internet standards, isn't it? >;->

Best regards,
Andreas Kisslinger

----------- Some extracts from the logs ------------
/var/log/cisco.log:
Feb 12 15:39:43 MY-EXTERNAL-ROUTER 35147: Feb 12 14:39:42.002:
%SEC-6-IPACCESSLOGP: list 110 denied udp MY-DNS-IP(1458) -> 10.87.0.5(53), 1
packet

/var/log/warn:
Feb 12 15:40:10 gw1 postfix/smtpd[13314]: warning: 202.58.118.3: hostname host1.
Dyna.Oak.SuSE.com verification failed: Host not found, try again

And the content of the mail arriving at this moment:
Received: from lists.suse.com (unknown [202.58.118.3]) by MY-MAIL-HOST
(Mailer) with SMTP id CBBEE1F89 for <SuSE-Security@MY-RECEIVING-DOMAIN>;
Mon, 12 Feb 2001 15:40:35 +0100 (CET)


< Previous Next >
This Thread
  • No further messages