Solved

Blocking outbound DNS requests.

Posted on 2004-04-09
2
306 Views
Last Modified: 2010-03-18
Good Afternoon Everyone,

I was made aware of a new IRCD bot that has keylogging facilities. Have you guys seen this yet? Kinda scarey.

http://securecomputing.stanford.edu/alerts/multiple-unix-6apr2004.html

In anycase, I was wanting to block all dns requests to a certain domain/ip and was curious to know what would be
the best way to do this without breaking anything. I am running a local DNS server and want to block all outbound
traffic to a certain domain/ip that is requested by my client stations. I would also like to add logging capabilities as
well but am uncertain on how to accomplish this. Just exactly how do I do this in my firewall rule set?

Thanks
0
Comment
Question by:martinmorales
2 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 500 total points
ID: 10794177
Using iptables you'd want to specifically deny FORWARD to that IP/network, something like:

iptables -N firewalled
iptables -A firewalled -j LOG --log-prefix Firewalled:
iptables -A firewalled -j drop

iptables -A FORWARD -p tcp -d 1.2.3.4 -j firewalled
iptables -A FORWARD -p udp -d 1.2.3.4 -j firewalled
0
 

Author Comment

by:martinmorales
ID: 10794986
This worked great! Thank you very much.
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question