[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] [RAQ4] Denying specific IP from DNS traffic

Subject: [cobalt-security] [RAQ4] Denying specific IP from DNS traffic
From: "David Thacker" <Cobalt@xxxxxxxxxxxxxx>
Date: Fri, 14 Feb 2003 14:19:56 -0700
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Greetings,

Some hosehead from 211.135.200.222 [IP1A0602.hkd.mesh.ad.jp] has been
banging my RaQ4 server with this DNS attack for over a week:

Feb 14 12:08:42 www named[1101]: denied update from [211.135.200.222].3381
for "targetdomain.com" IN

The port number increase each time, and he'll go in blocks of about 50-75
ports in a run.  It's starting to bug me.

How can I block this IP from reaching my server, specifically named?  Will
listing him in /etc/hosts.deny be effective, or will that not work because
named doesn't go through inetd?

I do not care if he is running a misconfigured Win2000 workstation that is
trying to broadcast hostname updates: he has no business attempting to do
this on this domain, and I want to shut him out.  I do not think this is the
classic Win2000 thing anyway.

This is BIND 8.3.4 from Solarspeed.

Thanks for any tips,

David Thacker

Follow-Ups:
- Re: [cobalt-security] [RAQ4] Denying specific IP from DNS traffic {Scanned}
  - From: Adam J. Dein
- Re: [cobalt-security] [RAQ4] Denying specific IP from DNS traffic
  - From: Mailing List
- Re: [cobalt-security] [RAQ4] Denying specific IP from DNS traffic
  - From: Ian

Prev by Date: RE: [cobalt-security] Proftpd Security Update 2.0.1 - New Update
Next by Date: Re: [cobalt-security] RaQ550 Valid updates?
Previous by thread: [cobalt-security] RaQ550 : mysql : Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)
Next by thread: Re: [cobalt-security] [RAQ4] Denying specific IP from DNS traffic {Scanned}

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index