> > How can I block this IP from reaching my server, specifically named? Will > > listing him in /etc/hosts.deny be effective, or will that not work because > > named doesn't go through inetd? > > Back to the original question of blocking dns: > > You can block the attacker with ipchains: > > $IPCHAINS -A input -p tcp -s 211.135.200.22 -d $YOURIP 53 -j DENY > $IPCHAINS -A input -p udp -s 211.135.200.22 -d $YOURIP 53 -j DENY > > replace $IPCHAINS with the path to ipchains > and $YOURIP with your IP address > > This will only block dns, to block everything from this host, remove > the '53' > > > Regards > > Ian > --
Ian, thanks for the tip. It turns out that the attacking IP is now changing on a daily basis, so it would just turn into a cat and mouse game. BIND is refusing these requests anyway since they are not listed in my Zone Transfer Access list, so I guess I'll just choose to ignore them and see if they eventually go away. David Thacker _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
