[Dshield] DNS blackholes
frank at knobbe.us
Fri Dec 9 22:40:52 GMT 2005
On Fri, 2005-12-09 at 14:07 -0800, Pete Cap wrote:
> If you have badguys.org blackholed (say, redirected to 127.0.0.1),
> and someone on your network sends out a query for that IP, then the
> DNS server will return 127.0.0.1, right?
> Is it still possible for an individual host to send out a request to
> a specific server (say, dns.otherbadguys.net) for badguys.org, thus
> bypassing the blackhole? That is, you're ignoring the local DNS
Of course. That's why your firewall should only allow outbound DNS
queries from your authorized internal/forwarding name servers.
... you do restrict outbound traffic on your firewall, right?
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: This is a digitally signed message part
Url : http://www.dshield.org/pipermail/list/attachments/20051209/2ad7e736/attachment.bin
More information about the list