
Re: how to block AOL IM using DNS spoofing?

From: Men & Mice Support
Date: Wednesday, April 4, 2001
Time: 2:01:49 pm

That person doesn't sound like he knows what he's doing. He's talking
about slave data as if it were hint data - maybe he just confused the
terms in his description.

The only way to do this with QuickDNS is to define a zone named
login.oscar.aol.com. Give it the following records:

login.oscar.aol.com. NS <your server's name here>
login.oscar.aol.com. A 127.0.0.1

Note that this only affects those workstations configured to use your
server as their resolver. If someone points their workstation at an
outside resolver, they'll still be able to use AIM.

Of course, I'll assume that redirecting this one name would stop AIM
anyway. I have no data on the matter, so I make no guarantees. But
the method described above will work to redirect a name to a bogus IP
address for local users.
____________________________________________________________________
Chris Buxton Men & Mice
cbuxton@menandmice.com We Make DNS Easy!

At 5:30 AM -0700 4/4/01, Richard James wrote:
>Hello all,
>
>I want to block use of IM at my site and have discovered that IM is
>a sneaky beast.
>
>I have found references to using DNS to spoof requests for lookups
>of the host "login.oscar.aol.com" so that no valid answer is
>returned.
>
>Not being a DNS guru by any stretch, I am wondering if this is
>doable with QDNS?
>
>Below is a description of what one fellow has done.
>
>Any help is much appreciated.
>
>rj
>
>Query: login.oscar.aol.com. Query type: Any record
>
>Answer:
> login.oscar.aol.com. 2583 A 152.163.242.28
> login.oscar.aol.com. 2583 A 205.188.3.160
> login.oscar.aol.com. 2583 A 205.188.3.176
> login.oscar.aol.com. 2583 A 205.188.5.204
> login.oscar.aol.com. 2583 A 205.188.5.208
> login.oscar.aol.com. 2583 A 152.163.241.120
> login.oscar.aol.com. 2583 A 152.163.241.128
> login.oscar.aol.com. 2583 A 152.163.242.24
>
>The goal was: Have my internal DNS server respond with bogus information
>(loopback address) to queries for specific DNS names that are not inside my
>zone of authority / domain. Use this as another layer of blocking IM &
>related services.
>
>Caveats were:
>- I wanted to do this with DNS configuration files
>- I did not want to have to maintain a full host table for the external
>domains, containing DNS entries that I wanted to resolve correctly
>- I did not want to have to maintain a separate SOA for each individual IP
>address that I was spoofing internally
>
>Accomplished this by configuring my DNS server to hold a secondary / slave
>DNS host table for the external domains, and then defining the entries I
>wanted to spoof in the host tables. I don't have to maintain DNS entries
>that I do want to resolve correctly, since by definition if my local DNS
>doesn't find an entry in the local secondary host table, it will follow the
>normal DNS out to the root servers on the Internet and down to the actual
>authoritative DNS servers for the external domains.
>
>For domains that only have one specific DNS name I want to spoof I defined a
>SOA for that DNS name only, since for a single DNS name it's just as much
>administrative overhead to define a secondary / slave as it is to define a
>SOA, and it's more aesthetically pleasing.
>
>Specifically, updated the following files (tested on Solaris 2.7 and Linux
>RedHat 6.1) :
>
>[other details snipped]
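
A check that the override described in this thread is in effect, as an added example that is not part of the original messages: it parses a raw DNS reply and reports whether every A record returned for the name is a loopback address. The function names and the sample replies are constructed for illustration; the sample addresses and TTL are taken from the quoted lookup.

```python
import ipaddress
import struct

BLOCKED_NAME = "login.oscar.aol.com"  # the name redirected in the post

def build_query(name, qid=0x1234):
    """Encode a recursive A/IN query for name."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split("."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 1, 1)

def _skip_name(msg, off):
    """Return the offset just past a name, honouring compression pointers."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # a 2-byte pointer always ends the name
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def a_records(msg):
    """Extract IPv4 addresses from the answer section of a DNS response."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a DNS response")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if (rtype, rclass, rdlen) == (1, 1, 4):
            addrs.append(ipaddress.IPv4Address(msg[off:off + 4]))
        off += rdlen
    return addrs

def is_sinkholed(msg):
    """True only if every A record returned is a loopback address."""
    addrs = a_records(msg)
    return bool(addrs) and all(a.is_loopback for a in addrs)

def sample_reply(ips, ttl=2583):
    """Constructed reply bytes for BLOCKED_NAME, for offline testing."""
    hdr = struct.pack(">HHHHHH", 0x1234, 0x8180, 1, len(ips), 0, 0)
    rr = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, ttl, 4)  # name = pointer to question
    return hdr + build_query(BLOCKED_NAME)[12:] + b"".join(
        rr + ipaddress.IPv4Address(ip).packed for ip in ips)
```

Send `build_query(BLOCKED_NAME)` over UDP port 53 to each resolver a workstation could be configured with and pass the reply to `is_sinkholed`; a resolver that returns real addresses is one where the block does not apply.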
