
Re: [cobalt-security] [RAQ4] Denying specific IP from DNS traffic {Scanned}



What about installing the phoenix firewall and blocking the IP that way?

Adam Dein
adam@xxxxxxxxxx
http://www.amongo.com

----- Original Message ----- 
From: "David Thacker" <Cobalt@xxxxxxxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Friday, February 14, 2003 4:19 PM
Subject: [cobalt-security] [RAQ4] Denying specific IP from DNS traffic {Scanned}


> Greetings,
>
> Some hosehead from 211.135.200.222 [IP1A0602.hkd.mesh.ad.jp] has been
> banging my RaQ4 server with this DNS attack for over a week:
>
> Feb 14 12:08:42 www named[1101]: denied update from [211.135.200.222].3381 for "targetdomain.com" IN
>
> The port number increases each time, and he'll go in blocks of about 50-75
> ports in a run.  It's starting to bug me.
>
> How can I block this IP from reaching my server, specifically named?  Will
> listing him in /etc/hosts.deny be effective, or will that not work because
> named doesn't go through inetd?
>
> I do not care if he is running a misconfigured Win2000 workstation that is
> trying to broadcast hostname updates: he has no business attempting to do
> this on this domain, and I want to shut him out.  I do not think this is the
> classic Win2000 thing anyway.
>
> This is BIND 8.3.4 from Solarspeed.
>
> Thanks for any tips,
>
> David Thacker
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
> ----
> This message has been scanned for viruses
> and dangerous content by Amongo.com,
> and is believed to be clean.
>

