[geeks] How to block an entire domain?

Geoffrey S. Mendelson gsm at mendelson.com
Wed Oct 10 16:56:06 CDT 2007


I found that I received an email with a trojan on it tonight. If I had
clicked on the link, it would have attempted to download an IRC program.

Luckily MUTT does not support HTML mail, I saw the link as an HREF 
instead of a "click here".

I downloaded the program with WGET. CLAMSCAN said that it was an
IRC trojan. Using STRINGS I found that it really was a RAR
self-extracting archive. I unrared it and got a directory with an IRC
program and a lot of control files.

It included a rather interesting password list and some other things,
and would have connected to undernet.org.

This leads me to the following question: how do I disable access to
undernet.org?

I use a Linux system as a router and firewall. I can block access to
an IP address, or a range of IP addresses as in an address and netmask,
but I can't block it by a domain name. I'm not sure I would want to do 
a DNS lookup more than once. :-)

Is there a way to do a DNS lookup for an entire domain? There may be
many subdomains each with their own DNS server.

Thanks, 

Geoff.

-- 
Geoffrey S. Mendelson, Jerusalem, Israel gsm at mendelson.com  N3OWJ/4X1GM
IL Voice: (07)-7424-1667 U.S. Voice: 1-215-821-1838 
Visit my 'blog at http://geoffstechno.livejournal.com/


