[geeks] How to block an entire domain?

Jonathan Katz jon at jonworld.com
Thu Oct 11 08:23:23 CDT 2007


Alternately it may be nice to let the undernet.org admins know about this
trojan activity so they can kill the channels/track the bots in use by this
trojan. These trojans are abusing their network resources as much as
anything else.

On 10/10/07, Geoffrey S. Mendelson <gsm at mendelson.com> wrote:
>
> I found that I received an email with a trojan on it tonight. If I had
> clicked on the link, it would have attempted to download an IRC program.
>
> Luckily MUTT does not support HTML mail, I saw the link as an HREF
> instead of a "click here".
>
> I downloaded the program with WGET. CLAMSCAN said that it was an
> IRC trojan.  Using STRINGS I found that it really was a RAR self
> extracting archive. I unrared it and got a directory with an IRC
> program and a lot of control files.
>
> It included a rather interesting password list and some other things,
> and would have connected to undernet.org.
>
> This leads me to the following question, how do I disable access to
> undernet.org?
>
> I use a Linux system as a router and firewall. I can block access to
> an IP address, or a range of IP addresses as in an address and netmask,
> but I can't block it by a domain name. I'm not sure I would want to do
> a DNS lookup more than once. :-)
>
> Is there a way to do a DNS lookup for an entire domain? There may be
> many subdomains each with their own DNS server.
>
> Thanks,
>
> Geoff.


