Security Issue - Urgent, Help!!! I got attack!!
Nicholas Yau
kpyau at ec-partners.com
Thu Sep 25 04:55:36 UTC 2003
Some one attack on my server by Flooding and spoofed into DNS
I believe it was my own staff.
Then They are not control because the security is not tide !
I have a Gateway server called
titan.myserv.com
192.168.42.LAN<------->[192.168.42.01]
192.168.43.LAN<------->[192.168.43.01]
192.168.44.LAN<------->[192.168.44.01]
[219.93.238.182]<-->[DSL-219.93.238.181]
subnetmask = 255.255.255.0
/var/named/192.168.42.db = 25 users
/var/named/192.168.43.db = 12 users
/var/named/192.168.44.db = 8 users
* No DHCP, All Manually assigned !
DNS:
-[Cache]
-Internal DNS IP = 192.168.42.1,192.168.43.1,192.168.44.1
-External DNS IP = 202.188.0.133,161.142.0.17....more.
Description Of DNS configuration :
-Forward to external if cant resolved
Help In this :
1. Users can simply point to external/ISP DNS without going throught my
DNS. I dont want this to happen.
2. I only want IP addessses which existed in /var/named/192 <files>
Can do query on the Internal DNS.
3. I hope External DNS is blocked forever, so user cannot directly query
External DNS.
4. I hope A computer without an IP and hostname given by administrator
in the LAN cannot communicate even they dont Have to resolve IP to
Name applications.
Thats all.
*I had gone throught tldp.org but they had less info i want.
Thanks
Nicholas
More information about the test
mailing list