Re: [SLUG] Verisign Annoyance?

From: Ian Blenke (icblenke@nks.net)
Date: Fri Sep 26 2003 - 13:58:14 EDT


Eben King wrote:
> On Thu, 25 Sep 2003, Paul M Foster wrote:
>
>
>>I decided to see if I could do something about blocking this at my
>>network. So I inserted a rule in my iptables to block incoming traffic
>>from their sitefinder IP address. In other words, if you misspelled a
>>domain name (what they're counting on), you'd get a packet burst back
>>from their sitefinder IP, which would get dropped at the firewall.
>
>
> I'm toying with the idea of adding a null route to 12.158.80.10
> (sitefinder.verisign.com). I think that would give a different error ("no
> route to host" or some such) than a typo would ("host not found" or some
> such). Problem 1, would that work? and problem 2, how would I do that?
> The first guess for the method would be to add it using a "route" command
> in rc.local. But would that route stay if I brought interfaces down and
> up?
>
> My second guess is to trawl /etc for the word "route" and see where that
> leads. Ideas?

On any Linux box, use:

        /sbin/route add -host 64.94.110.11 reject

or if you have the iproute package in your distro:

        /sbin/ip route add unreachable 64.94.110.11 scope host

On a Debian box, you can add this with an "up" directive in your
/etc/network/interfaces file:

        auto eth0
        iface eth0 inet dhcp
                up /sbin/route add -host 64.94.110.11 reject

On a RedHat <9.0 box, I believe you add something like this to your
/etc/sysconfig/static-routes file:

        eth0 host 64.94.110.11 reject

On a RedHat 9.0 box, you need to add something different to
/etc/sysconfig/network-scripts/route-eth0 instead:

        unreachable 64.94.110.11 scope host

Alternatively, you can always add the aforementioned route lines to your
/etc/rc.local or other init script.

-- 
- Ian C. Blenke <icblenke@nks.net>
(This message bound by the following:
http://www.nks.net/email_disclaimer.html)
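Eben asked whether a null route would actually work and what the client would see. The script below is an added example written for this archive page, not Ian's or Eben's own script. It installs the reject route from Ian's message only if it is not already present, then confirms the kernel refuses to route the address by inspecting what `ip route get` reports. It assumes a Linux host with the iproute2 `ip` command in PATH; the `apply` and `check` subcommands, the function names and the sample `ip route get` strings are this example's own constructions, and only the address 64.94.110.11 comes from the thread. As I understand it, both `route add -host X reject` and `ip route add unreachable X` end up as an unreachable entry in the kernel table, which is what `route_present` looks for.

```shell
#!/bin/sh
# Added example for this thread, not from the original message.
# Assumes Linux with iproute2 ("ip") available; installing the route needs root.
SITEFINDER_IP="64.94.110.11"   # address quoted in Ian's reply

# Classify the text that "ip route get <ip>" prints. The output is passed in
# as $1 so the classifier can be exercised without touching the routing table.
#   blocked - the kernel answered with a reject/unreachable route
#   routed  - a normal next hop was found
classify_route_get() {
    case "$1" in
        *"No route to host"*|*unreachable*|*prohibit*|*blackhole*) echo blocked ;;
        *" via "*|*" dev "*) echo routed ;;
        *) echo unknown ;;
    esac
}

# Build the install command for the two tools named in the message.
# $1 = tool (route|ip), $2 = address to reject
reject_route_cmd() {
    case "$1" in
        route) echo "/sbin/route add -host $2 reject" ;;
        ip)    echo "/sbin/ip route add unreachable $2" ;;
        *)     return 1 ;;
    esac
}

# Is there already an unreachable/prohibit entry for this host? (no root needed)
route_present() {
    ip -4 route show 2>/dev/null | grep -Eq "^(unreachable|prohibit) $1( |$)"
}

# Install the route once (idempotent), then verify the kernel really refuses
# to route the host. Returns 0 only when "ip route get" reports it as blocked.
apply_and_verify() {
    if route_present "$1"; then
        echo "reject route for $1 already present"
    else
        sh -c "$(reject_route_cmd ip "$1")" || return 1
    fi
    result=$(classify_route_get "$(ip route get "$1" 2>&1)")
    [ "$result" = blocked ]
}

# Subcommands (constructed for this example):
#   apply - install and verify the reject route (root)
#   check - report blocked/routed/unknown for the current table
case "${1:-}" in
    apply) apply_and_verify "$SITEFINDER_IP" && echo "$SITEFINDER_IP is now unreachable" ;;
    check) classify_route_get "$(ip route get "$SITEFINDER_IP" 2>&1)" ;;
esac
```

Run `sh blockroute.sh check` before and after adding the route: a host that still resolves a typo to the sitefinder address will go from `routed` to `blocked`, which is the "no route to host" behaviour Eben expected rather than the "host not found" a genuine typo produces.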

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:02:57 EDT