[cobalt-security] [RAQ4] Denying specific IP from DNS traffic
- Subject: [cobalt-security] [RAQ4] Denying specific IP from DNS traffic
- From: "David Thacker" <Cobalt@xxxxxxxxxxxxxx>
- Date: Fri, 14 Feb 2003 14:19:56 -0700
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Greetings,
Some hosehead from 211.135.200.222 [IP1A0602.hkd.mesh.ad.jp] has been
banging my RaQ4 server with this DNS attack for over a week:
Feb 14 12:08:42 www named[1101]: denied update from [211.135.200.222].3381 for "targetdomain.com" IN
The port number increases each time, and he'll go in blocks of about 50-75
ports in a run. It's starting to bug me.
How can I block this IP from reaching my server, specifically named? Will
listing him in /etc/hosts.deny be effective, or will that not work because
named doesn't go through inetd?
I do not care if he is running a misconfigured Win2000 workstation that is
trying to broadcast hostname updates: he has no business attempting to do
this on this domain, and I want to shut him out. I do not think this is the
classic Win2000 thing anyway.
This is BIND 8.3.4 from Solarspeed.
Thanks for any tips,
David Thacker
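
An added example, not part of the original message: a Python script that tallies `denied update` entries per source address in the log format quoted above and splits each source's ports into increasing runs, the pattern the post describes. The sample log is constructed (192.0.2.10 is a documentation address) and the function names are illustrative.

```python
import re
from collections import defaultdict

# A new syslog entry starts with a timestamp such as "Feb 14 12:08:42 ".
ENTRY_START = re.compile(r"\n(?=[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} )")
# The named "denied update" message in the format quoted in the post.
DENIED = re.compile(
    r'named\[\d+\]: denied update from \[(?P<ip>[\d.]+)\]\.(?P<port>\d+) '
    r'for "(?P<zone>[^"]+)"')

# Constructed sample: the first entries are wrapped onto two lines, the rest are not.
SAMPLE = """\
Feb 14 12:08:42 www named[1101]: denied update from [211.135.200.222].3381
for "targetdomain.com" IN
Feb 14 12:08:43 www named[1101]: denied update from [211.135.200.222].3382
for "targetdomain.com" IN
Feb 14 12:08:44 www named[1101]: denied update from [211.135.200.222].3383 for "targetdomain.com" IN
Feb 14 12:20:01 www named[1101]: denied update from [211.135.200.222].1205 for "targetdomain.com" IN
Feb 14 12:21:10 www named[1101]: denied update from [192.0.2.10].4000 for "targetdomain.com" IN
"""

def unwrap(text):
    """Rejoin entries that were wrapped onto a second line."""
    return [" ".join(e.split()) for e in ENTRY_START.split(text) if e.strip()]

def summarize(text):
    """Return {source_ip: {"count": n, "zones": set, "ports": [in log order]}}."""
    stats = defaultdict(lambda: {"count": 0, "zones": set(), "ports": []})
    for entry in unwrap(text):
        m = DENIED.search(entry)
        if m:
            s = stats[m["ip"]]
            s["count"] += 1
            s["zones"].add(m["zone"])
            s["ports"].append(int(m["port"]))
    return dict(stats)

def port_runs(ports):
    """Split source ports into runs where each port is higher than the last."""
    runs = []
    for p in ports:
        if runs and p > runs[-1][-1]:
            runs[-1].append(p)
        else:
            runs.append([p])
    return runs

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, s["count"], sorted(s["zones"]), [len(r) for r in port_runs(s["ports"])])
```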