
Re: how to block AOL IM using DNS spoofing?

From: Richard James
Date: Thursday, April 5, 2001
Time: 3:44:51 pm

Subject: Re: how to block AOL IM using DNS spoofing?
From: "Men & Mice Support" <cbuxton@menandmice.com>
Date: Thu, 5 Apr 2001 15:02:42 -0700

At 5:14 PM -0400 4/5/01, miles wrote:
> >The only way to do this with QuickDNS is to define a zone named
> >login.oscar.aol.com. Give it the following records:
> >
> > login.oscar.aol.com. NS <your server's name here>
> > login.oscar.aol.com. A 127.0.0.1
> >
> >Note that this only affects those workstations configured to
> >use your server as their resolver. If someone points their
> >workstation at an outside resolver, they'll still be able to use AIM.
> >
> >Of course, I'll assume that redirecting this one name would
> >stop AIM anyway. I have no data on the matter, so I make no
> >guarantees. But the method described above will work to
> >redirect a name to a bogus IP address for local users.
>
>Chris,
>
>I have to say that thought NEVER would have occurred to me
>at all. Very Sneaky!
>
>Of course there is another option and that's to stop the
>protocol at the Firewall to begin with...

The trouble with blocking AIM with a standard firewall is, it doesn't
use a consistent destination port. In fact, if you just block one
port, it will keep trying other ports, including 80. And if you block
just one destination IP address, it will try all the others.

BTW: It was this sort of DNS-based redirection that redirected Nike's
website for a large number of people in Scotland last year - all
those for whom DNS resolution was handled by a certain server.
____________________________________________________________________
Chris Buxton, Men & Mice
cbuxton@menandmice.com - We Make DNS Easy!

----------------------------------------------------------------------

I understand that AIM tries different ports via which to talk to
login.oscar.aol.com. That is why I cannot simply add entries to my
ACL in the access router.

My thinking is, if I can deny access to that host altogether (by
tricking it via a faulty DNS resolution) I can stop the conversation
that way.

If I enter DNS into Open Transport and then lock it so that users are
unable to change it, I deny them from trying any other DNS than mine.

This would work, wouldn't it?

Thanks,

rj
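For readers running BIND rather than QuickDNS, here is the same single-name sinkhole expressed as a named.conf stanza and a zone file. This is an added example, not configuration from the thread; the server name ns1.example.com, the contact address and the file path are placeholders. As Chris notes above, only clients that use this server as their resolver are affected.

```zone
// named.conf fragment (assumed path): make this server authoritative
// for the one name, so the real AOL zone is never consulted for it.
zone "login.oscar.aol.com" {
    type master;
    file "/etc/bind/db.sinkhole";   // placeholder path
};

; /etc/bind/db.sinkhole: minimal authoritative zone for the sinkholed name.
; BIND requires an SOA record, which the QuickDNS example omits.
$TTL 300
@   IN SOA ns1.example.com. hostmaster.example.com. (
        2001040501 ; serial (YYYYMMDDnn)
        3600       ; refresh
        900        ; retry
        604800     ; expire
        300 )      ; negative-cache TTL
@   IN NS   ns1.example.com.   ; placeholder: your server's name
@   IN A    127.0.0.1          ; answer every lookup with loopback
```

A short TTL keeps the bogus answer from lingering in client caches for long once the zone is removed again.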
