Security Issue - Urgent, Help!!! I got attack!!

Nicholas Yau kpyau at ec-partners.com
Thu Sep 25 04:55:36 UTC 2003


Someone attacked my server by flooding and spoofed into DNS.
I believe it was my own staff.
Then they are not controlled because the security is not tight!



I have a Gateway server called

titan.myserv.com
192.168.42.LAN<------->[192.168.42.01]
192.168.43.LAN<------->[192.168.43.01]
192.168.44.LAN<------->[192.168.44.01]
                       [219.93.238.182]<-->[DSL-219.93.238.181]

subnetmask = 255.255.255.0

/var/named/192.168.42.db = 25 users
/var/named/192.168.43.db = 12 users
/var/named/192.168.44.db =  8 users

* No DHCP, All Manually assigned !

DNS:
-[Cache]
-Internal DNS IP = 192.168.42.1,192.168.43.1,192.168.44.1
-External DNS IP = 202.188.0.133,161.142.0.17....more.

Description of DNS configuration:
-Forward to external if it can't be resolved



Help with this:
1. Users can simply point to external/ISP DNS without going through my
    DNS. I don't want this to happen.
2. I only want IP addresses which exist in /var/named/192 <files>
    to be able to query the internal DNS.
3. I hope external DNS is blocked forever, so users cannot directly query
    external DNS.
4. I hope a computer without an IP and hostname given by the administrator
    in the LAN cannot communicate, even if they don't have to resolve IP to
    name applications.

That's all.

*I have gone through tldp.org but they had less info than I want.

Thanks

Nicholas
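
An added example, not part of the original post: one way to approach items 1 to 3 is to build a BIND `acl` from the addresses already recorded in the zone files and to drop DNS traffic that LAN clients try to send through the gateway. It assumes the `/var/named/192.168.4x.db` files are reverse zones with one PTR record per assigned host (their contents are not shown in the post); the sample zone text, the ACL name and the function names are constructed for illustration.

```python
import re

# Constructed sample; the real contents of /var/named/192.168.42.db
# are not shown in the post.
SAMPLE_ZONE = """\
$TTL 86400
@   IN SOA titan.myserv.com. root.myserv.com. (1 3600 900 604800 86400)
@   IN NS  titan.myserv.com.
1   IN PTR titan.myserv.com.
10  IN PTR pc10.myserv.com.
11  IN PTR pc11.myserv.com.   ; constructed host
"""

# Owner is the last octet, optionally followed by a TTL and the IN class.
PTR_LINE = re.compile(r"^(\d{1,3})\s+(?:\d+\s+)?(?:IN\s+)?PTR\s+\S+", re.I)

def assigned_hosts(zone_text, prefix):
    """Return the sorted addresses that have a PTR record under prefix."""
    octets = set()
    for line in zone_text.splitlines():
        m = PTR_LINE.match(line.split(";", 1)[0].strip())  # drop comments
        if m and 0 < int(m.group(1)) < 255:
            octets.add(int(m.group(1)))
    return [f"{prefix}.{o}" for o in sorted(octets)]

def named_acl(hosts, name="assigned"):
    """named.conf text: answer queries and recurse only for listed clients.
    The two allow-* lines belong in the existing options block."""
    body = "".join(f"    {h};\n" for h in hosts)
    return (f'acl "{name}" {{\n    127.0.0.1;\n{body}}};\n'
            f'options {{\n    allow-query {{ "{name}"; }};\n'
            f'    allow-recursion {{ "{name}"; }};\n}};\n')

def forward_rules(lans):
    """iptables commands that stop LAN clients reaching outside resolvers.
    named on the gateway is unaffected: its own queries use OUTPUT."""
    return [f"iptables -A FORWARD -s {lan} -p {proto} --dport 53 -j DROP"
            for lan in lans for proto in ("udp", "tcp")]

if __name__ == "__main__":
    print(named_acl(assigned_hosts(SAMPLE_ZONE, "192.168.42")))
    lans = [f"192.168.{n}.0/24" for n in (42, 43, 44)]
    print("\n".join(forward_rules(lans)))
```

The output is meant to be reviewed before use. Item 4 is not covered: an ACL keyed on source address does not stop a user from manually taking an address that is already assigned.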











More information about the fedora-test-list mailing list