[Dshield] DNS blackholes
martin at forest.gen.nz
Fri Dec 9 23:47:37 GMT 2005
If the user knows the IP address, they can go there without DNS, either by
IP address in the URL or by putting an entry in the hosts file. The only way to
make sure you block the server is to nullroute/ACL/firewall the IP
address(es). If you have a Fortinet firewall, you can do some clever web
blocking. And in the next major version, there are some really neat
functions for blocking...
On Sat, 10 Dec 2005 11:07:24 +1300, Pete Cap <peteoutside at yahoo.com> wrote:
> I had a technical question I hoped someone here could answer.
> If you have badguys.org blackholed (say, redirected to 127.0.0.1), and
> someone on your network sends out a query for that IP, then the DNS
> server will return 127.0.0.1, right?
> Is it still possible for an individual host to send out a request to a
> specific server (say, dns.otherbadguys.net) for badguys.org, thus
> bypassing the blackhole? That is, you're ignoring the local DNS server.
> Just wondering! Thanks!
If you take copy protection too far, the only customers you will have are
the ones that intend to sell illegal copies of your work. By: Martin Forest
Warning: DRM/BMG protected CDs are likely to infect you with a Rootkit.
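Both bypasses discussed in this thread (a host querying an outside resolver instead of the blackholing one, and a host reaching the blocked server by IP) show up in egress flow logs. The following is an added example, not code from either poster: it scans constructed flow records with an assumed "src dst proto dport" format, using constructed addresses for the allowed sinkhole resolver and the blocked server, and reports hosts that side-step the DNS blackhole.

```python
import re
from collections import defaultdict

# Resolver the network is supposed to use (constructed: the blackholing DNS server).
ALLOWED_RESOLVERS = {"10.0.0.53"}
# Server IPs the blackhole is meant to keep clients away from; as the reply
# notes, these also need a null route/ACL/firewall rule. Constructed values.
BLOCKED_SERVER_IPS = {"203.0.113.10"}

# Constructed outbound flow records in an assumed "<src> <dst> <proto> <dport>" format.
FLOW_LOG = """\
192.168.1.20 10.0.0.53 udp 53
192.168.1.20 127.0.0.1 tcp 80
192.168.1.31 198.51.100.5 udp 53
192.168.1.31 203.0.113.10 tcp 80
192.168.1.42 203.0.113.10 tcp 443
192.168.1.42 10.0.0.53 tcp 53
"""

FLOW_RE = re.compile(r"^(\S+) (\S+) (tcp|udp) (\d+)$")


def parse_flows(text):
    """Yield (src, dst, proto, dport) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2), m.group(3), int(m.group(4))


def find_bypasses(text):
    """Return {src: set of findings} for hosts that side-step the blackhole.

    'external_dns:<ip>' - DNS sent to a resolver other than the allowed one
    'direct_ip:<ip>'    - traffic to a blocked server IP despite the blackhole
    """
    findings = defaultdict(set)
    for src, dst, _proto, dport in parse_flows(text):
        if dport == 53 and dst not in ALLOWED_RESOLVERS:
            findings[src].add(f"external_dns:{dst}")
        if dst in BLOCKED_SERVER_IPS:
            findings[src].add(f"direct_ip:{dst}")
    return dict(findings)


if __name__ == "__main__":
    for host, hits in sorted(find_bypasses(FLOW_LOG).items()):
        print(host, sorted(hits))
```

The host that only talks to the sinkhole resolver and to 127.0.0.1 produces no finding; the other two are the cases the thread describes, and the IP-level hits are the ones a null route or ACL would have stopped.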