9front - general discussion about 9front
 help / color / mirror / Atom feed
* [9front] dns tools
@ 2023-01-30  1:52 william
  2023-01-30  2:10 ` Stanley Lieber
  0 siblings, 1 reply; 7+ messages in thread
From: william @ 2023-01-30  1:52 UTC (permalink / raw)
  To: 9front

Do we have any dns tools. Similar to nslookup or dig. I manage to get some info from
ndb/dnsquery but its pretty limited. I would like to look at sbunet info, maybe whois etc...

I have a bunch of russian hackers trying to relay on my server. I have bloked most with retify

but I would like to research more without hopping over to another OS. I would also like to block 
connections to the server if possible. 

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [9front] dns tools
  2023-01-30  1:52 [9front] dns tools william
@ 2023-01-30  2:10 ` Stanley Lieber
  2023-01-30  4:11   ` william
  0 siblings, 1 reply; 7+ messages in thread
From: Stanley Lieber @ 2023-01-30  2:10 UTC (permalink / raw)
  To: 9front

check out iwhois (documented in the tel man page).

also: lookman dns.

the existing tools are fairly manual and rudimentary.

sl

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [9front] dns tools
  2023-01-30  2:10 ` Stanley Lieber
@ 2023-01-30  4:11   ` william
  2023-01-30  4:59     ` Stanley Lieber
  0 siblings, 1 reply; 7+ messages in thread
From: william @ 2023-01-30  4:11 UTC (permalink / raw)
  To: 9front

Do we have any firewall tools? I would like to block some connections. 

I know you can tweak routing by messing with /net/ipifc/clone

Just wanted to know if we have any other ways to block conncetions?



Quoth Stanley Lieber <sl@stanleylieber.com>:
> check out iwhois (documented in the tel man page).
> 
> also: lookman dns.
> 
> the existing tools are fairly manual and rudimentary.
> 
> sl
> 


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [9front] dns tools
  2023-01-30  4:11   ` william
@ 2023-01-30  4:59     ` Stanley Lieber
  2023-01-30  5:27       ` Jacob Moody
  2023-01-31  6:41       ` william
  0 siblings, 2 replies; 7+ messages in thread
From: Stanley Lieber @ 2023-01-30  4:59 UTC (permalink / raw)
  To: 9front

[-- Attachment #1: Type: text/plain, Size: 901 bytes --]

On Jan 29, 2023, at 11:14 PM, william@thinktankworkspaces.com wrote:
> 
> Do we have any firewall tools? I would like to block some connections. 
> 
> I know you can tweak routing by messing with /net/ipifc/clone
> 
> Just wanted to know if we have any other ways to block conncetions?
> 
> 
> 
> Quoth Stanley Lieber <sl@stanleylieber.com>:
>> check out iwhois (documented in the tel man page).
>> 
>> also: lookman dns.
>> 
>> the existing tools are fairly manual and rudimentary.
>> 
>> sl

there’s no generic firewall, but upas has some filtering options. smtpd(8) reads the file /mail/blocked for blocked addresses, and has the -k flag to block ip addresses manually. the validatesender script (called by upas) checks for a spamhaus file at /mail/lib/spamhaus. there are also ratfs(4) and scanmail(8), which provide more complex filtering mechanisms.

sl


          

[-- Attachment #2: Type: text/html, Size: 2240 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [9front] dns tools
  2023-01-30  4:59     ` Stanley Lieber
@ 2023-01-30  5:27       ` Jacob Moody
  2023-01-31  6:41       ` william
  1 sibling, 0 replies; 7+ messages in thread
From: Jacob Moody @ 2023-01-30  5:27 UTC (permalink / raw)
  To: 9front

On 1/29/23 21:59, Stanley Lieber wrote:
> On Jan 29, 2023, at 11:14 PM, william@thinktankworkspaces.com wrote:
>>
>> Do we have any firewall tools? I would like to block some connections.
>>
>> I know you can tweak routing by messing with /net/ipifc/clone
>>
>> Just wanted to know if we have any other ways to block conncetions?
>>
>>
>>
>> Quoth Stanley Lieber <sl@stanleylieber.com>:
>>> check out iwhois (documented in the tel man page).
>>>
>>> also: lookman dns.
>>>
>>> the existing tools are fairly manual and rudimentary.
>>>
>>> sl
> 
> there’s no generic firewall, but upas has some filtering options. smtpd(8) reads the file /mail/blocked for blocked addresses, and has the -k flag to block ip addresses manually. the validatesender script (called by upas) checks for a spamhaus file at /mail/lib/spamhaus. there are also ratfs(4) and scanmail(8), which provide more complex filtering mechanisms.
> 
> sl
> 
>           
> 

You can also use ipmux to sink hole connection using a filter like so:

; aux/dial 'impux!src=bad.ip | bad.ip.2' > /dev/null

You can see the full list of filter parameters in ip(3).
This only impacts incoming connections.


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [9front] dns tools
  2023-01-30  4:59     ` Stanley Lieber
  2023-01-30  5:27       ` Jacob Moody
@ 2023-01-31  6:41       ` william
  2023-01-31  7:58         ` Steve Simon
  1 sibling, 1 reply; 7+ messages in thread
From: william @ 2023-01-31  6:41 UTC (permalink / raw)
  To: 9front

ratfs seems to be working. I'm not getting the mail locally, but they still keep trying

maat Jan 30 21:37:52 ehlo from 185.24.233.112 as ADMIN
maat Jan 30 21:37:52 Hung up on 185.24.233.112; claimed to be ADMIN
maat Jan 30 21:45:59 ehlo from 185.24.233.112 as ADMIN
maat Jan 30 21:45:59 Hung up on 185.24.233.112; claimed to be ADMIN
maat Jan 30 21:49:44 ehlo from 81.161.229.226 as WIN-CLJ1B0GQ6JP
maat Jan 30 21:49:44 Hung up on 81.161.229.226; claimed to be WIN-CLJ1B0GQ6JP
maat Jan 30 21:54:12 ehlo from 185.24.233.112 as ADMIN
maat Jan 30 21:54:12 Hung up on 185.24.233.112; claimed to be ADMIN

I could probably look into scanmail. I might also try blocking from linode, maybe look at some firewall features from
the provider. 

Quoth Stanley Lieber <sl@stanleylieber.com>:
> On Jan 29, 2023, at 11:14 PM, william@thinktankworkspaces.com wrote:
> > 
> > Do we have any firewall tools? I would like to block some connections. 
> > 
> > I know you can tweak routing by messing with /net/ipifc/clone
> > 
> > Just wanted to know if we have any other ways to block conncetions?
> > 
> > 
> > 
> > Quoth Stanley Lieber <sl@stanleylieber.com>:
> >> check out iwhois (documented in the tel man page).
> >> 
> >> also: lookman dns.
> >> 
> >> the existing tools are fairly manual and rudimentary.
> >> 
> >> sl
> 
> there’s no generic firewall, but upas has some filtering options. smtpd(8) reads the file /mail/blocked for blocked addresses, and has the -k flag to block ip addresses manually. the validatesender script (called by upas) checks for a spamhaus file at /mail/lib/spamhaus. there are also ratfs(4) and scanmail(8), which provide more complex filtering mechanisms.
> 
> sl
> 
> 
>           


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [9front] dns tools
  2023-01-31  6:41       ` william
@ 2023-01-31  7:58         ` Steve Simon
  0 siblings, 0 replies; 7+ messages in thread
From: Steve Simon @ 2023-01-31  7:58 UTC (permalink / raw)
  To: 9front


there is also greylisting in smtpd which can put off some bots.

if its a small selection of ip addresses, smtpd can be told to silently drop ip connections from these.

i have a modified ratfs which checks the remote dns name and rejects based on a pattern match. i also added a hex digit pattern (%). the idea was to reject all email from rdns names like:

      line.%.%-adsl.verizon-west.com

this helped with everything else, but sadly i have (after about 15 years) given up receiving email on plan9 and use my isp. $work and kids don't leave enough time to fight the good email fight

-Steve

> On 31 Jan 2023, at 6:44 am, william@thinktankworkspaces.com wrote:
> 
> ratfs seems to be working. I'm not getting the mail locally, but they still keep trying
> 
> maat Jan 30 21:37:52 ehlo from 185.24.233.112 as ADMIN
> maat Jan 30 21:37:52 Hung up on 185.24.233.112; claimed to be ADMIN
> maat Jan 30 21:45:59 ehlo from 185.24.233.112 as ADMIN
> maat Jan 30 21:45:59 Hung up on 185.24.233.112; claimed to be ADMIN
> maat Jan 30 21:49:44 ehlo from 81.161.229.226 as WIN-CLJ1B0GQ6JP
> maat Jan 30 21:49:44 Hung up on 81.161.229.226; claimed to be WIN-CLJ1B0GQ6JP
> maat Jan 30 21:54:12 ehlo from 185.24.233.112 as ADMIN
> maat Jan 30 21:54:12 Hung up on 185.24.233.112; claimed to be ADMIN
> 
> I could probably look into scanmail. I might also try blocking from linode, maybe look at some firewall features from
> the provider. 
> 
> Quoth Stanley Lieber <sl@stanleylieber.com>:
>>> On Jan 29, 2023, at 11:14 PM, william@thinktankworkspaces.com wrote:
>>> 
>>> Do we have any firewall tools? I would like to block some connections. 
>>> 
>>> I know you can tweak routing by messing with /net/ipifc/clone
>>> 
>>> Just wanted to know if we have any other ways to block conncetions?
>>> 
>>> 
>>> 
>>> Quoth Stanley Lieber <sl@stanleylieber.com>:
>>>> check out iwhois (documented in the tel man page).
>>>> 
>>>> also: lookman dns.
>>>> 
>>>> the existing tools are fairly manual and rudimentary.
>>>> 
>>>> sl
>> 
>> there’s no generic firewall, but upas has some filtering options. smtpd(8) reads the file /mail/blocked for blocked addresses, and has the -k flag to block ip addresses manually. the validatesender script (called by upas) checks for a spamhaus file at /mail/lib/spamhaus. there are also ratfs(4) and scanmail(8), which provide more complex filtering mechanisms.
>> 
>> sl
>> 
>> 
>> 
> 

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2023-01-31  8:02 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-30  1:52 [9front] dns tools william
2023-01-30  2:10 ` Stanley Lieber
2023-01-30  4:11   ` william
2023-01-30  4:59     ` Stanley Lieber
2023-01-30  5:27       ` Jacob Moody
2023-01-31  6:41       ` william
2023-01-31  7:58         ` Steve Simon

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).