I have a scenario where our company allows users to VPN into our local network via Checkpoint's Basic Secure remote Application. I have noticed that when the users are logged into our network I see 192,168,x.x address in the HP's syslog.log -->>
inetd[15618]: telnet/tcp: Connection from unknown (192.168.1.3) at Thu Oct 26
This is what happens:
1: A telnet session is started from a client (192.168.x.x) to the HP Server.
2: Server does a {gethostbyname} on the 192.168.x.x Blackhole IP
3: Server gets a response from the blackhole servers outside the firewall and gets response back saying that its NXDOMAIN and then allows client to have a session.
The above telnet sessions works fine but in some cases it does not, for example if the route to the Blackhole Servers fails or is slow then the transversal of the query fails hence making the full cycle of the the telnet session to hang and the {gethostbyname} portion.
http://www.dnsstuff.com/tools/traversal.ch?domain=1.1.168.192.in-addr.arpa&type=PTRMy question to all is,
Is there a way to configure internal BIND to respond to all 192.168.x.x lookups internally, basically giving the receiving telnet server what it needs to complete the telnet cycle while disallowing external lookups to the Blackhole Servers and do this without having to create a bogus record for each potential IP address?
Thanks to all and I give lots of points!
JD
