On Sat, Oct 2, 2010 at 4:37 PM, bruce bruce <[email protected]> wrote:
> Thanks Roger. > > I will be trying this box to see what I can do. Otherwise, I'd probably > have to find a list of all of the Rogers (The ISP providing internet to > these boxes) IPs to at least limit the attacks to Rogers ISP. > > hmmm.... > > > Or maybe secure is using DNS like this: > sdlfjds...@$523k4j98sd7fkjh324#@$832.dyndns.org > > ^^^^^^^^^^^^^^^^^^^^isn't that a security feature in itself? > > Thanks > > > > > On Sat, Oct 2, 2010 at 4:32 PM, Roger Burton West <[email protected]>wrote: > >> On Sat, Oct 02, 2010 at 04:09:33PM -0400, bruce bruce wrote: >> >Can't I in my ip tables just accept the pap2t.dyndns.org if that is bind >> to >> >the PAP2T? do you think the devices comes in with it's external IP rather >> >than the dyndns domain? >> >> Yes. An IP datagram carries only the source and destination IP >> addresses, not the DNS names associated with them. Your firewall _may_ >> be able to accept a DNS name to block or allow rather than an IP >> address, but most don't, and doing so makes you vulnerable to DNS >> spoofing attacks. >> >> To go further would be thoroughly off-topic for this list. >> >> Roger >> >> -- >> _____________________________________________________________________ >> -- Bandwidth and Colocation Provided by http://www.api-digital.com -- >> New to Asterisk? Join us for a live introductory webinar every Thurs: >> http://www.asterisk.org/hello >> >> asterisk-users mailing list >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-users >> > > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > You're not going to be able to put a dns hostname in the iptables, but you could have a script that runs at times and gets the ip address for your dynamic hostname and allows that.
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
