[Dshield] DNS blackholes

Martin Forest martin at forest.gen.nz
Fri Dec 9 23:47:37 GMT 2005


If the user knows the IP address, they can go there without DNS, either by  
using the IP address in the URL or by putting an entry in the hosts file. The  
only way to make sure you block the server is to nullroute/ACL/firewall the IP  
address(es). If you have a Fortinet firewall, you can do some clever web  
blocking. And in the next major version, there are some really neat  
functions for blocking...
/Martin Forest
On Sat, 10 Dec 2005 11:07:24 +1300, Pete Cap <peteoutside at yahoo.com> wrote:

> List,
> I had a technical question I hoped someone here could answer.
> If you have badguys.org blackholed (say, redirected to 127.0.0.1), and  
> someone on your network sends out a query for that IP, then the DNS  
> server will return 127.0.0.1, right?
> Is it still possible for an individual host to send out a request to a  
> specific server (say, dns.otherbadguys.net) for badguys.org, thus  
> bypassing the blackhole?  That is, you're ignoring the local DNS server.
> Just wondering!  Thanks!
> Regards,
>  Pete



-- 
If you take copy protection too far, the only customers you will have are  
the ones that intend to sell illegal copies of your work. By: Martin Forest
Warning: DRM/BMG protected CD’s are likely to infect you with a Rootkit.
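
Added example, not part of the original post: a small check over flow records that flags the two bypass paths discussed in this thread, DNS queries sent to a resolver other than the local one and connections made straight to the blocked server's IP address. The resolver address, blocked range and log format are assumptions constructed for illustration.

```python
import ipaddress

# Assumptions (not from the thread): resolver address, blocked range and the
# "src dst proto dport" flow-log format are constructed for illustration.
SANCTIONED_RESOLVERS = {ipaddress.ip_address("10.0.0.53")}
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/28")]  # IPs behind the blackholed name

# Constructed sample flow records.
SAMPLE_FLOWS = """\
10.0.1.20 10.0.0.53 udp 53
10.0.1.21 198.51.100.7 udp 53
10.0.1.22 203.0.113.5 tcp 80
10.0.1.23 192.0.2.10 tcp 443
10.0.0.53 198.51.100.7 udp 53
10.0.1.24 198.51.100.9 tcp 53
garbage line
"""

def classify(line):
    """Return (src, reason) if the flow sidesteps the DNS blackhole, else None."""
    parts = line.split()
    if len(parts) != 4:
        return None  # malformed record, skip
    src_s, dst_s, proto, dport_s = parts
    try:
        src = ipaddress.ip_address(src_s)
        dst = ipaddress.ip_address(dst_s)
        dport = int(dport_s)
    except ValueError:
        return None
    # Hosts-file entry or IP typed into the URL: no DNS lookup is needed,
    # so the only visible sign is the connection to the blocked address.
    if any(dst in net for net in BLOCKED_NETS):
        return (src_s, "direct-ip")
    # A client asking some other DNS server directly. The local resolver's
    # own upstream lookups are expected and therefore excluded.
    if (dport == 53 and proto in ("udp", "tcp")
            and dst not in SANCTIONED_RESOLVERS
            and src not in SANCTIONED_RESOLVERS):
        return (src_s, "external-dns")
    return None

def find_bypasses(text):
    """Classify every record and keep only the flagged ones, in log order."""
    return [hit for hit in map(classify, text.splitlines()) if hit]

if __name__ == "__main__":
    for src, reason in find_bypasses(SAMPLE_FLOWS):
        print(f"{src}: {reason}")
```

The same two conditions translate directly into egress rules: allow port 53 outbound only from the local resolver, and drop traffic to the blocked addresses.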


