[unisog] automated IP blacklist tools?

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Nov 22 20:39:18 GMT 2004


On Mon, 22 Nov 2004 15:08:57 EST, Jenett Tillotson said:
> 
> We have been discussing something similar.  I would love to modify 
> tcp wrappers to query a black hole list using something like 
> postsentry to make the DNS entries.

Actually, it's sort-of doable already, if you don't mind using some
baling wire and chewing gum.

Remember that tcp_wrappers will do a PTR lookup to get the hostname - so
you just jigger your DNS server so it answers PTR lookups for "bad" addresses
as '<ip-addr>.blackhole.your.domain', and forwards along "good" addresses
for resolution by the actual PTR owner.

Then just add to /etc/hosts.deny:

# daemon_list : client_list; a leading dot matches any hostname under that suffix
ALL: .blackhole.your.domain

(Untested, untried, actually implementing it may cause warts or worse. ;)
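
The following sketch is an added example, not part of the original message. It generates the PTR records the post describes for a constructed blacklist and emulates the leading-dot suffix match from hosts_access(5) to show which PTR answers a `.blackhole.your.domain` deny pattern would catch. The BIND-style record layout, the function names, and the matching forward A record are assumptions of this example.

```python
import ipaddress

BLACKHOLE_ZONE = "blackhole.your.domain"  # placeholder zone name used in the post


def ptr_record(ip, zone=BLACKHOLE_ZONE):
    """BIND-style PTR line mapping a bad IPv4 address to <ip-addr>.<zone>."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch covers IPv4 only")
    return f"{addr.reverse_pointer}. IN PTR {addr}.{zone}."


def a_record(ip, zone=BLACKHOLE_ZONE):
    """Forward record for the same name (assumption, not in the post), so a
    name-to-address consistency check on the PTR answer agrees."""
    addr = ipaddress.ip_address(ip)
    return f"{addr}.{zone}. IN A {addr}"


def suffix_match(hostname, pattern):
    """hosts_access(5): a pattern beginning with '.' matches a hostname whose
    last components equal the pattern; comparison is case-insensitive."""
    hostname = hostname.rstrip(".").lower()
    pattern = pattern.lower()
    if pattern.startswith("."):
        return len(hostname) > len(pattern) and hostname.endswith(pattern)
    return hostname == pattern


def denied(ptr_name, deny_patterns=("." + BLACKHOLE_ZONE,)):
    """True if the PTR name returned for a client matches any deny pattern."""
    return any(suffix_match(ptr_name, p) for p in deny_patterns)


if __name__ == "__main__":
    blacklist = ["192.0.2.10", "198.51.100.7"]  # constructed sample addresses
    for ip in blacklist:
        print(ptr_record(ip))
        print(a_record(ip))
    # Constructed PTR answers: one rewritten by the resolver, two untouched.
    for name in ("192.0.2.10.blackhole.your.domain",
                 "mail.example.edu",
                 "blackhole.your.domain.example.net"):
        print(f"{name:40} -> {'deny' if denied(name) else 'allow'}")
```

The third sample name shows why the pattern is anchored at the end of the hostname: a name that merely contains the zone string is not matched.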