[Dshield] DNS blackholes

Frank Knobbe frank at knobbe.us
Fri Dec 9 22:40:52 GMT 2005


On Fri, 2005-12-09 at 14:07 -0800, Pete Cap wrote:
>  If you have badguys.org blackholed (say, redirected to 127.0.0.1),
> and someone on your network sends out a query for that IP, then the
> DNS server will return 127.0.0.1, right?
>  
>  Is it still possible for an individual host to send out a request to
> a specific server (say, dns.otherbadguys.net) for badguys.org, thus
> bypassing the blackhole?  That is, you're ignoring the local DNS
> server.

Of course. That's why your firewall should only allow outbound DNS
queries from your authorized internal/forwarding name servers.

... you do restrict outbound traffic on your firewall, right?

Cheers,
Frank

-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
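An added example, not part of Frank's message: the egress rule he describes, built for iptables, plus a check over constructed flow records that flags internal hosts sending DNS past the local resolver. The resolver addresses, the 10.0.0.0/8 internal range and the flow-record format are assumptions for this example.

```python
import ipaddress
from collections import Counter

# Assumed addresses for this example: the only resolvers allowed to query the Internet.
AUTHORIZED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample of firewall flow records: "src dst proto dport".
SAMPLE_FLOWS = """\
10.0.5.17 10.0.0.53 udp 53
10.0.0.53 198.51.100.10 udp 53
10.0.5.42 203.0.113.7 udp 53
10.0.5.42 203.0.113.7 tcp 53
10.0.1.53 198.51.100.10 tcp 53
10.0.7.9 203.0.113.9 tcp 443
"""

def parse_flow(line):
    src, dst, proto, dport = line.split()
    return ipaddress.ip_address(src), ipaddress.ip_address(dst), proto, int(dport)

def is_dns_bypass(src, dst, proto, dport):
    """True when an internal host other than an authorized resolver sends DNS outside."""
    if dport != 53 or proto not in ("udp", "tcp"):
        return False
    # Client -> local resolver stays inside the network and is the expected path.
    if src not in INTERNAL_NET or dst in INTERNAL_NET:
        return False
    return str(src) not in AUTHORIZED_RESOLVERS

def find_bypassing_hosts(log_text):
    """Return {src_ip: flow_count} for hosts that went around the local resolver."""
    hits = Counter()
    for line in log_text.splitlines():
        if line.strip():
            src, dst, proto, dport = parse_flow(line)
            if is_dns_bypass(src, dst, proto, dport):
                hits[str(src)] += 1
    return dict(hits)

def egress_rules(authorized=AUTHORIZED_RESOLVERS):
    """iptables FORWARD rules: allow port 53 only from the resolvers, log and drop the rest."""
    rules = []
    for ip in sorted(authorized, key=ipaddress.ip_address):
        for proto in ("udp", "tcp"):
            rules.append(f"iptables -A FORWARD -s {ip} -p {proto} --dport 53 -j ACCEPT")
    for proto in ("udp", "tcp"):
        rules.append(f"iptables -A FORWARD -p {proto} --dport 53 -j LOG --log-prefix 'DNS-BYPASS '")
        rules.append(f"iptables -A FORWARD -p {proto} --dport 53 -j DROP")
    return rules
```

The LOG rule is what turns the firewall into the detection point: any hit under the DNS-BYPASS prefix is a host that ignored the blackholing resolver.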
