{"id":1366,"date":"2009-01-25T00:18:35","date_gmt":"2009-01-24T22:18:35","guid":{"rendered":"http:\/\/www.imacandi.net\/sin\/blog\/?p=1366"},"modified":"2009-01-25T00:18:35","modified_gmt":"2009-01-24T22:18:35","slug":"geek-stuff-dropping-inns-queries","status":"publish","type":"post","link":"https:\/\/www.imacandi.net\/sin\/blog\/2009\/01\/25\/geek-stuff-dropping-inns-queries.html","title":{"rendered":"[geek stuff] dropping .\/IN\/NS queries"},"content":{"rendered":"

Nu stiu cati stiti, da e un dictai atacul indreptat asupra unui ISP de peste ocean (ISPrime) care foloseste ca IP susrsa, IP-urile ISP-ului mentionat mai devreme (spoofed source).<\/p>\n

Noah, daca vede careva query-uri pe NS-urile sale pentru .\/IN\/NS, adica query pentru nameserverele care deserversc “.”, atunci le puteti bloca usor folosind iptables in felul urmator:<\/p>\n

iptables -A INPUT -j DROP -p UDP –dport 53 -m u32 –u32 “0>>22&0x3C@12>>16=1&&0>>22&0x3C@20>>24=0&&0>>22&0x3C@21=0x00020001”<\/p><\/blockquote>\n

In loc de -A INPUT poate fi -A FORWARD in cazul in care aveti un router bazat pe Linux. Singurul prerequisite este sa aveti in kernel si in iptables suport pentru match-uri u32.<\/p>\n","protected":false},"excerpt":{"rendered":"

Nu stiu cati stiti, da e un dictai atacul indreptat asupra unui ISP de peste ocean (ISPrime) care foloseste ca IP susrsa, IP-urile ISP-ului mentionat mai devreme (spoofed source). Noah, daca vede careva query-uri pe NS-urile sale pentru .\/IN\/NS, adica query pentru nameserverele care deserversc “.”, atunci le puteti bloca usor folosind iptables in felul … Continue reading [geek stuff] dropping .\/IN\/NS queries<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"ngg_post_thumbnail":0,"footnotes":""},"categories":[2],"tags":[7,19,20],"class_list":["post-1366","post","type-post","status-publish","format-standard","hentry","category-diverse","tag-computers","tag-linux","tag-lug"],"_links":{"self":[{"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/posts\/1366","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/comments?post=1366"}],"version-history":[{"count":0,"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/posts\/1366\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/media?parent=1366"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/categories?post=1366"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.imacandi.net\/sin\/blog\/wp-json\/wp\/v2\/tags?post=1366"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}