What about installing the phoenix firewall and blocking the IP that way?
Adam Dein
[EMAIL PROTECTED]
http://www.amongo.com
----- Original Message -----
From: "David Thacker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 14, 2003 4:19 PM
Subject: [cobalt-security] [RAQ4] Denying specific IP from DNS traffic
{Scanned}
> Greetings,
>
> Some hosehead from 211.135.200.222 [IP1A0602.hkd.mesh.ad.jp] has been
> banging my RaQ4 server with this DNS attack for over a week:
>
> Feb 14 12:08:42 www named[1101]: denied update from [211.135.200.222].3381
> for "targetdomain.com" IN
>
> The port number increase each time, and he'll go in blocks of about 50-75
> ports in a run. It's starting to bug me.
>
> How can I block this IP from reaching my server, specifically named? Will
> listing him in /etc/hosts.deny be effective, or will that not work because
> named doesn't go through inetd?
>
> I do not care if he is running a misconfigured Win2000 workstation that is
> trying to broadcast hostname updates: he has no business attempting to do
> this on this domain, and I want to shut him out. I do not think this is
the
> classic Win2000 thing anyway.
>
> This is BIND 8.3.4 from Solarspeed.
>
> Thanks for any tips,
>
> David Thacker
>
> _______________________________________________
> cobalt-security mailing list
> [EMAIL PROTECTED]
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>
> ----
> This message has been scanned for viruses
> and dangerous content by Amongo.com,
> and is believed to be clean.
>
----
This message has been scanned for viruses
and dangerous content by Amongo.com,
and is believed to be clean.
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
