[geeks] How to block an entire domain?
Geoffrey S. Mendelson
gsm at mendelson.com
Wed Oct 10 16:56:06 CDT 2007
I found that I received an email with a trojan on it tonight. If I had
clicked on the link, it would have attempted to download an IRC program.
Luckily MUTT does not support HTML mail, I saw the link as an HREF
instead of a "click here".

I downloaded the program with WGET. CLAMSCAN said that it was an
IRC trojan. Using STRINGS I found that it really was a RAR
self-extracting archive. I unrared it and got a directory with an IRC
program and a lot of control files.

It included a rather interesting password list and some other things,
and would have connected to undernet.org.

This leads me to the following question: how do I disable access to
undernet.org?

I use a Linux system as a router and firewall. I can block access to
an IP address, or a range of IP addresses as in an address and netmask,
but I can't block it by a domain name. I'm not sure I would want to do
a DNS lookup more than once. :-)

Is there a way to do a DNS lookup for an entire domain? There may be
many subdomains each with their own DNS server.

Thanks,
Geoff.
--
Geoffrey S. Mendelson, Jerusalem, Israel gsm at mendelson.com N3OWJ/4X1GM
IL Voice: (07)-7424-1667 U.S. Voice: 1-215-821-1838
Visit my 'blog at http://geoffstechno.livejournal.com/