Sean Carolan wrote:
I would like to block all DNS queries that come from one particular ip
address. I used TCPdump to verify that the queries were in fact,
coming from this IP:
[EMAIL PROTECTED]:~]$ sudo tcpdump -n udp port 53 and src 10.100.1.1
tcpdump: listening on eth0
11:12:17.162100 10.100.1.1.19233 > 10.100.1.61.domain: 14270+ A?
server.domain.com. (32) (DF)
Looks to me that you have a larger problem. Is this an rfc1918 address
coming from the outside? You should be blocking ALL rfc1918 addresses
from the Internet, as they are by definition an attack.
If this is from an internal source, go to that source and figure out
what it is doing.
rfc1918 defines PRIVATE ipv4 addresses. These are not routed over the
Internet. A packet with a source address in 'Net1' will never route out
back to the sender. It is intended to attack (in some way) the destination.
Could someone help with the proper syntax for an IPtables rule to
block port 53 udp traffic from this IP? I tried this rule but it
doesn't work:
-A RH-Firewall-1-INPUT -s 10.100.1.1 -m udp -p udp --dport 53 -j REJECT
_______________________________________________
CentOS mailing list
[email protected]
http://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
[email protected]
http://lists.centos.org/mailman/listinfo/centos
