On Fri, 2011-02-18 at 18:32 -0500, Lamar Owen wrote:
> On Friday, February 18, 2011 04:15:28 pm Always Learning wrote:
> > Don't understand what you mean by 'within our /19'.

> I think I do; he's an ISP, and apparently someone inside his address block
> ... has hacked in some way the zone file(s) or the cache for his
> nameserver so that his customers, who would ordinarily use his DNS
> server as their recursive resolver, now see www.yahoo.com (among who
> knows what others) as pointing to a different address ....

Thank you for explaining that Larry had his DNS servers hacked or poisoned.

> .... to prevent such things I would recommend to Larry that he use the
> great iptables tools that CentOS provides ...
> ... to restrict the addresses that can actually ssh into his server,
> and only allow port 53 UDP and TCP traffic into and out of his DNS
> servers to his customers.

Agreed. IPtables is a very useful tool to block unauthorised accesses in and (heaven forbid) out of one's servers. Every server is screwed down to the barest minimum and every port that can be changed from its default is. No servers share the same non-standard port numbers. SSH access is limited to 3 static IP addresses.

Aggressive blocking with IPtables can prevent a lot of time-wasting aggro. I also ban some Chinese blocks and even more Taiwan blocks from port 80 to reduce web hacking, and lots of Taiwanese blocks from port 25.

-- 
With best regards,

Paul.
England, EU.
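An added example of the ruleset the two posters describe (not code from either of them): a CentOS recursive resolver that accepts DNS on 53/udp and 53/tcp only from the ISP's own customer block, SSH on a non-default port only from three static admin addresses, and drops and logs everything else. The customer prefix, admin addresses and SSH port are constructed placeholders standing in for the thread's /19 and the poster's three static IPs.

```bash
#!/bin/bash
# Added example, not from the thread. Emits iptables commands for review;
# run the output as root (resolver_rules | sh) to apply on a CentOS box.

CUSTOMER_PREFIX="203.0.113.0/24"                        # placeholder for the ISP's own /19
ADMIN_HOSTS="198.51.100.10 198.51.100.11 198.51.100.12" # placeholder: the 3 static admin IPs
SSH_PORT="2222"                                         # placeholder non-default sshd port

resolver_rules() {
    local admin
    echo "iptables -F INPUT"
    echo "iptables -F OUTPUT"
    # Default deny in both directions; only the rules below open anything.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    # Replies to traffic already tracked by conntrack (answers to customers,
    # responses from upstream authoritative servers, yum updates, etc.).
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # SSH: one rule per admin host, nothing else may reach sshd.
    for admin in $ADMIN_HOSTS; do
        echo "iptables -A INPUT -p tcp -s $admin --dport $SSH_PORT -m state --state NEW -j ACCEPT"
    done
    # Recursive DNS service: UDP and TCP 53, but only from our own customers,
    # so the resolver is not an open resolver for the rest of the Internet.
    echo "iptables -A INPUT -p udp -s $CUSTOMER_PREFIX --dport 53 -j ACCEPT"
    echo "iptables -A INPUT -p tcp -s $CUSTOMER_PREFIX --dport 53 -m state --state NEW -j ACCEPT"
    # Outbound: the resolver's own recursive queries to the Internet.
    echo "iptables -A OUTPUT -p udp --dport 53 -j ACCEPT"
    echo "iptables -A OUTPUT -p tcp --dport 53 -m state --state NEW -j ACCEPT"
    # Rate-limited logging of whatever falls through, so probes show up in
    # /var/log/messages before the INPUT policy drops them.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix 'IPT-DROP: '"
}
```

Review the emitted rules with `resolver_rules` before applying them; on CentOS, `service iptables save` then persists the live ruleset across reboots.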