Re: [Firestarter-user] Re: Firestarter-user digest, Vol 1 #1140 - 5 msgs
From: ryan <ry...@zo...> - 2005-04-24 16:00:11
Not a problem at all!

ns1.aztec20.com is the name server that tells IP: 205.209.150.210 that he should reverse to the domain name: 210.150.209.205.in-addr.arpa

Right away, this is messed up. 205.209.150.210 should not reverse to a name like 210.150.209.205.in-addr.arpa, but this isn't a terrible problem, just confusing when the IP is backwards.

Now when we try to reverse natfront.com we get 205.209.150.210.

So natfront.com resolves to 205.209.150.210 and 205.209.150.210 resolves to 210.150.209.205.in-addr.arpa

natfront.com can point their domain name to any IP easily enough. The owner of the IP is the only person who can point the IP address to natfront.com (and in this case they haven't).

Any of the below are possible explanations (and there are probably a few I missed):

- natfront never asked the owner of 205.209.150.210 to reverse their IP to natfront.com
- natfront asked the owner, and he/she said no, or wanted to charge extra, or doesn't know how to.
- natfront rooted/hijacked someone else's server and made it their webserver.

You can usually block all connections to your servers (ssh, vsftp, sendmail) from domain names without proper reverse dns entries via tcp wrappers and the "paranoid" switch.

http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/ref-guide/s1-tcpwrappers-access.html

(apache, etc sometimes have their own more advanced settings)

This will only protect clients connecting to you, not the other way around. Many mailservers will drop any mail forwarded from a mailserver without a proper reverse DNS entry.

On Sunday 24 April 2005 09:06, elliott-brennan wrote:
> Dear Ryan,
>
> Genius!
>
> I changed my 'apply rules' settings to manual from automatic, added the
> IP addresses and URL (by the way, what is ns1.aztec20.com?) and bingo,
> works...
>
> Thanks enormously.
>
> Now, if only you could help me work out my DI-641 wireless
> router/Smoothwall problem... :)
>
> Seriously, thanks for your help. Very much appreciated.
>
> ("Their reverse DNS entry is totally messed up, their domain name
> doesn't reverse properly, and the reverse is in a non-standard format."
> - why do you think that might be?? - just curious)
>
> Regards,
>
> Patrick
>
> ryan wrote:
> >Their reverse DNS entry is totally messed up, their domain name doesn't
> >reverse properly, and the reverse is in a non-standard format.
> >
> >Try blocking connections to:
> >205.209.150.210/24
> >210.150.209.in-addr-arpa
> >ns1.aztec20.com
> >
> >
> >nslookup on natfront.com....
> >Name: natfront.com
> >Address: 205.209.150.210
> >
> >nslookup on 205.209.150.210.......
> >Non-authoritative answer:
> >210.150.209.205.in-addr.arpa name = ns1.aztec20.com.
> >
> >On Sunday 24 April 2005 03:53, elliott-brennan wrote:
> >>Dear Ryan,
> >>
> >>The URL is:
> >>
> >>www.natfront.com
> >>
> >>Fairly nasty bunch.
> >>
> >>>--__--__--
> >>>
> >>>Message: 3
> >>>Subject: Re: [Firestarter-user] Blocking option for sites doesn't appear
> >>>to work
> >>>From: ryan <ry...@zo...>
> >>>To: fir...@li...
> >>>Date: Sat, 23 Apr 2005 10:09:32 -0400
> >>>Reply-To: fir...@li...
> >>>
> >>>what is the URL?
> >>>
> >>>On Sat, 2005-04-23 at 23:44 +1000, elliott-brennan wrote:
> >>>>Hi all,
> >>>>
> >>>>Running Firestarter on FC3.
> >>>>
> >>>>I decided to check out the 'Outbound Traffic Policy' options.
> >>>>
> >>>>Under 'Permissive by default, blacklist traffic', I decided I would
> >>>>enter the URL for the National Front in the UK. I thought that if I
> >>>>buggered it up and couldn't 'unblock' it, it was of no great loss to me
> >>>>or anyone else LOL.
> >>>>
> >>>>So I entered their site's URL and... nothing! I can still access their
> >>>>site. :(
> >>>>
> >>>>In the manual it seems quite simple, but I've played around with it a
> >>>>few times and can't quite seem to get it to work.
> >>>>
> >>>>Any assistance/advice or redirections would be most appreciated.
> >>>>
> >>>>Thanks all, and to Firestarter - great program. I like being able to
> >>>>see what's happening (okay, a left over from proprietary firewalls -
> >>>>but I LOVE 'em :))
> >>>>
> >>>>
> >>>>-------------------------------------------------------
> >>>>SF email is sponsored by - The IT Product Guide
> >>>>Read honest & candid reviews on hundreds of IT Products from real
> >>>>users. Discover which products truly live up to the hype. Start
> >>>>reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> >>>>_______________________________________________
> >>>>Firestarter-user mailing list
> >>>>To unsubscribe, visit
> >>>>https://lists.sourceforge.net/lists/listinfo/firestarter-user
> >>>
> >>>--__--__--
> >>>
> >>>End of Firestarter-user Digest
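
The thread's point about names and addresses that do not confirm each other, as an added Python example that is not part of the original messages: it implements a forward-confirmed reverse DNS check, the kind of name/address consistency test the tcp wrappers "paranoid" switch mentioned above applies to connecting clients. The `example.com` and documentation-range entries, and the absence of an A record for ns1.aztec20.com, are constructed assumptions; only the natfront.com lookup results come from the messages.

```python
import socket

def system_ptr(ip):
    """Reverse (PTR) lookup through the system resolver; None if there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward (A) lookup through the system resolver; empty set on failure."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def fcrdns(ip, ptr=system_ptr, forward=system_forward):
    """Return (verdict, ptr_name) for a client address.

    confirmed: the PTR name resolves back to the same address
    mismatch:  a PTR name exists but does not resolve back to the address
    no-ptr:    the address has no reverse entry at all
    """
    name = ptr(ip)
    if not name:
        return ("no-ptr", None)
    name = name.rstrip(".").lower()
    if ip in forward(name):
        return ("confirmed", name)
    return ("mismatch", name)

# Constructed lookup tables so the example runs offline.
# The PTR and A values for 205.209.150.210 / natfront.com are the ones quoted in the
# thread; the A record for ns1.aztec20.com is not shown there and is left out (assumption).
SAMPLE_PTR = {"205.209.150.210": "ns1.aztec20.com.",
              "192.0.2.10": "mail.example.com."}        # constructed
SAMPLE_A = {"natfront.com": {"205.209.150.210"},
            "mail.example.com": {"192.0.2.10"}}         # constructed

def sample_check(ip):
    """Run the check against the constructed tables instead of live DNS."""
    return fcrdns(ip, SAMPLE_PTR.get, lambda n: SAMPLE_A.get(n, set()))

if __name__ == "__main__":
    for addr in ("205.209.150.210", "192.0.2.10", "198.51.100.7"):
        print(addr, sample_check(addr))
```

Calling `fcrdns(ip)` with no other arguments uses the live system resolver instead of the sample tables.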