How to block DNS record scans ?
Stefan Gofferje
stefan at gofferje.homelinux.org
Wed Apr 20 06:50:27 UTC 2005
Brett schrieb:
>Find out the ip of the user scanning your domain, report them to their
>provider for abuse and then blackhole them on your server.
>
>
As a first step... agreed.
But that shoudn't be the final solutions as he will be always one step
behind a possible attacker. I would strongly suggest an intelligent IDS
/ IPS which recognizes such attacks and blocks them dynamically.
Regards,
Stefan
--
(o_ Stefan Gofferje | Linux Systems Specialist
//\ Reg'd Linux User #247167 | Network Security Specialist
V_/_ Heckler & Koch - the original point and click interface
More information about the bind-users
mailing list