From owner-freebsd-isp Wed Aug 11 12:50:52 1999 Delivered-To: freebsd-isp@freebsd.org Received: from irc.ircnet.dk (irc.ircnet.dk [195.215.15.254]) by hub.freebsd.org (Postfix) with ESMTP id C02B614BFA for ; Wed, 11 Aug 1999 12:50:40 -0700 (PDT) (envelope-from robert@ircnet.dk) Received: from localhost (robert@localhost) by irc.ircnet.dk (8.9.3/8.9.1) with ESMTP id VAA07408; Wed, 11 Aug 1999 21:50:21 +0200 (CEST) (envelope-from robert@ircnet.dk) Date: Wed, 11 Aug 1999 21:50:20 +0200 (CEST) From: =?ISO-8859-1?Q?Robert_Martin-Leg=E8ne?= To: Michael Butler Cc: freebsd-isp@FreeBSD.ORG Subject: Re: www.tzo.com hijacks DNS?? In-Reply-To: <37b5b9bc.43485477@mail.tgn.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-1 Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Wed, 11 Aug 1999, Michael Butler wrote: > This may be old stuff but is anyone getting dns mods fromtzo.com > hijacking ip addresses to their domains? >=20 > What do we do about it? >=20 > see www.tzo.com >=20 > They're about to be cut off at the FW If you run BIND you probably don't need to do a lot, since it by default rejects them. DK Hostmaster got a lot of these and I wrote a layer 5 (I believe it's layer 5) divert-thingie that drops any UDP DNS packet crossing your FreeBSD with the opcode of UPDATE (=3D5). If anyones interested in buying a copy, please contact me (expect 2 week response as I'm going travelling in a few days) -- Robert Martin-Leg=E8ne To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message