Greetings, Some hosehead from 211.135.200.222 [IP1A0602.hkd.mesh.ad.jp] has been banging my RaQ4 server with this DNS attack for over a week:
Feb 14 12:08:42 www named[1101]: denied update from [211.135.200.222].3381 for "targetdomain.com" IN The port number increase each time, and he'll go in blocks of about 50-75 ports in a run. It's starting to bug me. How can I block this IP from reaching my server, specifically named? Will listing him in /etc/hosts.deny be effective, or will that not work because named doesn't go through inetd? I do not care if he is running a misconfigured Win2000 workstation that is trying to broadcast hostname updates: he has no business attempting to do this on this domain, and I want to shut him out. I do not think this is the classic Win2000 thing anyway. This is BIND 8.3.4 from Solarspeed. Thanks for any tips, David Thacker _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
