Email Security.cloud

Dear sir,

According to the information from Document ID: 2006050215055863, 208.65.144.0/21 is hold by Symantec and customer's firewall can permit SMTP traffic coming from the said subnet, but in my firewall, it often detects DNS queries coming from the above subnet, but the hit count rate is very high, is that normal? Or, I would like to drop all the DNS queries from the subnet, does it affect any SMTP traffic after blocked?

Would you please reply me?

Best regards,
Ben

Hello Ben,

I would probably not feel comfortable telling you to block DNS queries from our list of IPs. Is there a reason that you need to block these? In order to determine whether it is normal or not you may need to call in to support and give us more information on what you feel is high.

Thanks!

Tom

Dear Tom,

Because my firewall reports top 10 attack source which contains said IP addresses, those traffic match the signature of DNS attack, the hitcount rate is very high. So I may consider to those traffic is not safe. But as known from Symantec, those IPs are hold by them. So I need to determine whehter I need to block the traffic or not.

I have consult my technical support vendor, they suggest us to contact Symantec to ask for more information.

Are those IP addresses hold by your company, not Symantec?

Do you mind to provide related information?

Thanks,
Ben

Hello Ben,

Those IPs should only be used by the hosted service provided through Symantec. If you need further information on that I would ask that you please call in to Symantec Support.

Thank you!

Tom