Search Again: spoofing question From: Brad Michels Date: Sunday, April 6, 2003 Time: 1:04:48 pm Hi, I've received a message from the admin of another system that one of my users is sending messages to members of his system containing inappropriate attachments from the IP address 204.228.81.68. The problem is, this is the address of our QuickDNS server. Does this mean that someone is spoofing our DNS? If so, will adding restrictions to Server Options -> Query restrictions solve this problem? We have 3 class C addresses that use this DNS. Will "Allow localnets" from the pop menu allow lookups from all our own networks? Do you also need a deny statement to eliminate all others? If so, what syntax. I'm running on a G4 tower, Mac OS X server 10.2.4, BIND 8.3.4, and QDNS 4.5. Thanks! "The only thing necessary for the triumph of evil is for good men to do nothing." Edmund Burke Brad Michels Network Administrator East Grand School District Granby, Colorado 970-887-3312 http://egsd.org bmichels@egsd.org

Messages In This Thread: spoofing question by Brad Michels on Apr 6, 2003 at 1:04:48 pm Re: spoofing question by Len Conrad on Apr 6, 2003 at 1:10:18 pm Re: spoofing question by Jeff Folk on Apr 6, 2003 at 1:15:51 pm Re: spoofing question by Brad Michels on Apr 8, 2003 at 8:41:07 am