ipchains & wildcards domains

Marek Barton bivoj at pohoda.com
Thu Feb 14 14:19:46 CET 2002


Hello,

I have an interesting problem: attacks on my server are multiplying from
many addresses, but according to reverse resolution they all point to a
single domain. I would like to block this whole domain; unfortunately the
range of IP addresses is quite large and I don't know how to define the
rules precisely. For illustration:


A rule of the form *.t-dialin.net does not work in ipchains, which is
actually logical, because if every address had to be resolved before
deciding what to do with the packet, the machine's performance would
probably not be great ;-).

So the question is what to do about it. It occurs to me that I could
contact the operator of this domain and ask them to tell me which IP
address ranges they use, saying that I would like to block them ;-)

Thanks for any observations

Marek Barton
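
An added example, not part of the original post: since ipchains matches source addresses rather than names, one way to get from logged "(reverse-name[ip])" entries to rules is to collapse the observed addresses into the tightest covering prefixes and emit one DENY rule per prefix. The function names, the placeholder domain, the documentation-range sample addresses, the /24 grouping and the two-hit threshold are all assumptions made for this sketch.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: placeholder domain, documentation-range addresses.
SAMPLE = """\
(pC0000205.dip.example.net[192.0.2.5])
(pC0000241.dip.example.net[192.0.2.65])
(pC00002C8.dip.example.net[192.0.2.200])
(pC6336407.dip.example.net[198.51.100.7])
(pC6336409.dip.example.net[198.51.100.9])
(pCB00712A.dip.example.net[203.0.113.42])
"""
ENTRY = re.compile(r"\(([^\s\[\]()]+)\[(\d{1,3}(?:\.\d{1,3}){3})\]\)")


def parse_sources(text, suffix):
    """Return logged IPv4 addresses whose reverse name ends in suffix."""
    found = set()
    for host, ip in ENTRY.findall(text):
        if host.lower().endswith(suffix.lower()):
            found.add(ipaddress.IPv4Address(ip))
    return found


def covering_networks(addrs, bucket=24, min_hits=2):
    """Tightest prefix around the addresses seen in each /bucket block."""
    groups = defaultdict(list)
    for a in addrs:
        groups[int(a) >> (32 - bucket)].append(int(a))
    nets = []
    for members in groups.values():
        if len(members) < min_hits:  # assumed policy: lone hits stay /32
            nets += [ipaddress.IPv4Network((m, 32)) for m in members]
            continue
        # Bits that differ between lowest and highest address are host bits.
        host_bits = (min(members) ^ max(members)).bit_length()
        base = (min(members) >> host_bits) << host_bits
        nets.append(ipaddress.IPv4Network((base, 32 - host_bits)))
    return sorted(nets)


def ipchains_rules(nets, chain="input", target="DENY"):
    """Render one ipchains append command per network."""
    return [f"ipchains -A {chain} -s {n} -j {target}" for n in nets]


if __name__ == "__main__":
    sources = parse_sources(SAMPLE, ".dip.example.net")
    print("\n".join(ipchains_rules(covering_networks(sources))))
```

A logged reverse name is set by whoever controls the reverse zone, so the suffix match is a grouping hint; the generated prefixes should be checked against the provider's registered allocations before the rules are loaded.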


