Script-kiddie / client <IP> query (cache) '<host>/MX/IN' denied

Denis BUCHER dbucherml at hsolutions.ch
Thu Aug 5 19:46:03 UTC 2010


Yes I have a wonderful script doing that for SSH but not for iptables.

For Bind, I must say that this problem appears 2-3 times a month, I can 
therefore manage it manually for the moment...

Denis

On 04.08.2010 14:36, Sten Carlsen wrote:
>   You may want to consider how to trigger removal of this blocking when
> the problem has gone away and the address is again used responsibly.
>
> Maybe add a log statement with a limitation of one per day and checking
> that this is no longer seen for some time? IPTABLES can do the logging.
>
> On 04/08/10 11:00, Denis BUCHER wrote:
>> On 03.08.2010 21:25, Kevin Darcy wrote:
>>>>>> I would like to know if I can block hosts doing that at the level of
>>>>>> /etc/hosts.allow or should I do it at the level of Bind itself ?
>>>>> Use IPTables or add rules to your firewall. I don't believe that BIND
>>>>> pays any attention to /etc/hosts.allow
>>>>
>>>> Yes I tried iptables, it is working perfectly, and /etc/hosts.allow
>>>> does not look to be working. This was perfect :
>>>>
>>>> iptables -I INPUT 3 -p tcp -s 202.152.172.4 --dport 53 -j DROP
>>>>
>>> I'm no iptables expert, but doesn't that only apply to TCP packets?
>>
>> Dear Kevin,
>>
>> Yes sorry, in fact I also should add a rule for UDP :
>>
>>> iptables -I INPUT 3 -p udp -s 202.152.172.4 --dport 53 -j DROP
>>
>> Or : (all ports)
>>
>>> iptables -I INPUT 3 -s 202.152.172.4 -j DROP


Denis


