[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] H4CK3R5
- Subject: Re: [cobalt-users] H4CK3R5
- From: "Rick Ewart" <cobalt@xxxxxxxxx>
- Date: Wed Feb 14 08:02:15 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> How do i deny a whole country ?
>
> i want to add the whole of korea in my host.deny file
>
> is this possible?
Now, we're talking... I proposed this a few weeks ago and didn't get much
response. Since then I have done a little homework. You can just put a line
like this:
ALL: .kr
That will take care of anyone who your server is able to resolve the name
on - can't do it for a lot the our little friends. Also, hosts.deny only
affects things protected with wrappers - which includes http, ftp, etc. This
means scans are still possible and so is the BIND exploit, I believe (based
on a comment I read a little while ago on this list). So, it is far from
being a panacea.
HOWEVER, you COULD use IPchains, which could kill everything - so I
understand. The problem here is that you have to do it via IP address...
Can't just stick in .kr - how I'd love to! Craig Napier gave me a copy of
his list where he took the time to lookup all of the Korean ips, apparently.
He might be willing to share with others if you ask nicely... :)
If anyone knows a program that will work like IPchains but with domain
names, I would LOVE to know about it.... I am not holding my breath though,
as it seems realtively impossible/difficult due to the need to resolve IPs
backwards.
HTH.
Rick
P.S. Rodolfo - off topic but I will find the article about switched networks
being sniffable and post it ASAP