[SATLUG] Blocking with iptables, even if the hostname won't resolve

Michael Rice michael at michaelrice.org
Tue May 11 12:25:18 CDT 2010


You could try using a string match if you really have nothing else to 
work with

On 5/11/2010 11:47 AM, David Salisbury wrote:
> So, we have a server attacking one of our services right now:
>
> maria-victoria.zevsnet.netvisio.net
>
> I'd like to use iptables to block the traffic, but unfortunately even 
> though that host is continually connecting, the above domain name 
> doesn't resolve to an IP and thus iptables can't do anything (iptables 
> replies with a "host/network `maria-victoria.zevsnet.netvisio.net' not 
> found" message).  Does anyone have any ideas about blocking this 
> traffic, or about finding the IP it's associated with so I can?  So 
> far my searches are fruitless, and I've not encountered a host that 
> won't resolve like this that is currently and actively connecting!
> David
>


More information about the SATLUG mailing list