[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [other] Re: blocking new version of kazaa
- To: jared r r spiegel <jrrs@ice-nine.org>
- Subject: Re: [other] Re: blocking new version of kazaa
- From: Gunnar Wolf <gwolf@gwolf.cx>
- Date: Fri, 1 Aug 2003 11:07:21 -0500
- Cc: misc@openbsd.org
- Content-Disposition: inline
- References: <20030730144453.A7FE21A02A4@smtp-1.hotpop.com> <3F27F6AD.D7357F9@holland-consulting.net> <86r847b710.fsf@home.nest.cx> <3F2934EC.9050502@ieee.org> <20030801045118.GA581@ice-nine.org>
- User-Agent: Mutt/1.5.4i
jared r r spiegel dijo [Thu, Jul 31, 2003 at 10:51:18PM -0600]:
> (...)
> would, then, something like
>
> rdr in on $int_if inet proto udp from $int_if:network to any port 53 -> \
> $nameserver_IP
>
> be a good addition to the solution?
>
> if you can redirect to you any DNS queries from the network, rather than
> just run authoritative wrong-answers for the 'kazaa.com' zone ( et all )
> on the server they only happen to use because their PCs are using
> DHCP to pull down what nameserver to use, then you might keep them from
> being able to populate their HOSTS file, assuming they find out what it
> is.
Ugh, I don't like it...
I am behind a DSL router/802.11b AP, and it does precisely what you say.
I am not particularly happy about this breakage it gives me:
$ dig @openbsd.org www.openbsd.org
;; reply from unexpected source: 10.0.0.254#53, expected 199.185.137.3#53
;; reply from unexpected source: 10.0.0.254#53, expected 199.185.137.3#53
; <<>> DiG 9.2.2 <<>> @openbsd.org www.openbsd.org
;; global options: printcmd
;; connection timed out; no servers could be reached
So... Well, it's up to you to do it, but yes, it does make life more
painful for system/network administrators.
--
Gunnar Wolf - gwolf@gwolf.cx - (+52-55)5630-9700 ext. 1366
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973 F800 D80E F35A 8BB5 27AF