Jonathan Ben-Avraham wrote:
>
> On Mon, 25 Dec 2000, Alon Oz wrote:
>
> > Jonathan Ben-Avraham wrote:
> > >
> > > On Mon, 25 Dec 2000, Alon Oz wrote:
> > >
> > > > Jonathan Ben-Avraham wrote:
> > > > >
> > > > > On Mon, 25 Dec 2000, System1 wrote:
> > > > >
> > > > > >
> > > > > > Hi,
> > > > > > we are using here IPChains Firewall.
> > > > > > Is there anyway to block complete domain such as *.icq.com ?
> > > > >
> > > > > No, not with ipchains, because -s accepts only a hostname, network address
> > > > > or plain IP address
> > > > >
> > > > You dig all the domains under icq.com and add block rules for it in a
> > > > loop.
> > >
> > > Very nice.
> > > How do I write the loop?
> >
> > 1. I just checked icq.com and you cannot dig the domains under it.
> > 2. You have another option: nslookup icq.com returns 3 ip addresses,
> > scan these blocks for .icq.com pattern and block the ones you find,
> > it's not perfect but it's better than nothing
> > and i assume it will solve your problem.
> > You can write the script with any scriping language
> > (you can search the web for shell scripting tutorial)
>
> Ok, but my experience with these IP's is that they change every year or
> so. So isn't it better to block at the service level and not at the IP
> level?
A bit more logical, but you asked about blocking the domain :).
Block all the icq ports and that's it.
--
Alon Oz,
Aduva Research Team,
Mailto: [EMAIL PROTECTED]
--
A proud member in the Evil Linux cyberterrorist hackers (ELCH)
organization
A who can launch Denial of Service attacks against the embedded devices
in your 6-slice toaster with advanced pingflood Open Source classified
exploit codes hidden inside strongly encrypted Russian mafia pornography
that innocent American children download from online gambling web sites
located in the Northern Mariana Islands
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
