|
![](/i/fill.gif) |
Jim Henderson wrote:
> Thinking about it a little more, I wonder what would happen if he used
> the server's IP address rather than the DNS name.
Nothing different: the firewall doesn't even get to see the name. By the time
the packet reaches the firewall, the IP address has already been determined
(done by a DNS lookup on the client PC). Most likely the firewall admins have
specifically added a rule to allow access to the Microsoft news groups. It's not
uncommon for corporate firewalls to not allow access to NNTP in general.
-- Chris
Post a reply to this message
|
![](/i/fill.gif) |
|
![](/i/fill.gif) |
On Mon, 11 May 2009 16:46:48 +1000, Chris Cason wrote:
> Jim Henderson wrote:
>> Thinking about it a little more, I wonder what would happen if he used
>> the server's IP address rather than the DNS name.
>
> Nothing different: the firewall doesn't even get to see the name. By the
> time the packet reaches the firewall, the IP address has already been
> determined (done by a DNS lookup on the client PC). Most likely the
> firewall admins have specifically added a rule to allow access to the
> Microsoft news groups. It's not uncommon for corporate firewalls to not
> allow access to NNTP in general.
In general I'd agree, but I have seen some weird things done with
firewalls in the past.
Or it could be something odd being done at the DNS level to deny specific
domains.
But you're probably right - it's probably a blanket exclusion with a
specific inclusion for the MS newsgroups server - that would be the
easiest to implement. :-)
Jim
Post a reply to this message
|
![](/i/fill.gif) |