Page 1 of 1

block a dns address

PostPosted: Fri Nov 27, 2015 2:09 am
by lotus123r5
Best Support,

is it possible to block a dyndns or freedns or no-ip or other dns name?
Some providers dont give static ip-addresses to their customers, so if i block an external ip address with be,xxx.xxx.xxx.xxx # then the next day i have "attacks" again from the same dns account with another ip-address :(. So, is it possible to block a dns name, for example: be,nomoreattack.ddns.net #

Re: block a dns address

PostPosted: Sat Nov 28, 2015 11:50 am
by Lightning
It is somewhat possible. The problem is that you will almost have to do it manually for your specific situation.

First thing is to figure out exactly what is shown in the logs to indicate an attack. Then create a monitor script that will keep checking the logs and add a firewall rule to block it. The ipfwadm script can use names rather than IP's if the network and DNS is fully up and running.

So my guess is that you might not be able to do it, but if you post a log snippet of the offender than I most likely can give a solution.

Re: block a dns address

PostPosted: Sun Nov 29, 2015 4:11 am
by lotus123r5
OK, thx for the info, .. not that easy... will come back to this issue after upgrade to 0.4.5, and if the dns attack issue still plays.