* [9front] dns tools
@ 2023-01-30 1:52 william
2023-01-30 2:10 ` Stanley Lieber
0 siblings, 1 reply; 7+ messages in thread
From: william @ 2023-01-30 1:52 UTC (permalink / raw)
To: 9front
Do we have any dns tools. Similar to nslookup or dig. I manage to get some info from
ndb/dnsquery but its pretty limited. I would like to look at sbunet info, maybe whois etc...
I have a bunch of russian hackers trying to relay on my server. I have bloked most with retify
but I would like to research more without hopping over to another OS. I would also like to block
connections to the server if possible.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9front] dns tools
2023-01-30 1:52 [9front] dns tools william
@ 2023-01-30 2:10 ` Stanley Lieber
2023-01-30 4:11 ` william
0 siblings, 1 reply; 7+ messages in thread
From: Stanley Lieber @ 2023-01-30 2:10 UTC (permalink / raw)
To: 9front
check out iwhois (documented in the tel man page).
also: lookman dns.
the existing tools are fairly manual and rudimentary.
sl
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9front] dns tools
2023-01-30 2:10 ` Stanley Lieber
@ 2023-01-30 4:11 ` william
2023-01-30 4:59 ` Stanley Lieber
0 siblings, 1 reply; 7+ messages in thread
From: william @ 2023-01-30 4:11 UTC (permalink / raw)
To: 9front
Do we have any firewall tools? I would like to block some connections.
I know you can tweak routing by messing with /net/ipifc/clone
Just wanted to know if we have any other ways to block conncetions?
Quoth Stanley Lieber <sl@stanleylieber.com>:
> check out iwhois (documented in the tel man page).
>
> also: lookman dns.
>
> the existing tools are fairly manual and rudimentary.
>
> sl
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9front] dns tools
2023-01-30 4:11 ` william
@ 2023-01-30 4:59 ` Stanley Lieber
2023-01-30 5:27 ` Jacob Moody
2023-01-31 6:41 ` william
0 siblings, 2 replies; 7+ messages in thread
From: Stanley Lieber @ 2023-01-30 4:59 UTC (permalink / raw)
To: 9front
[-- Attachment #1: Type: text/plain, Size: 901 bytes --]
On Jan 29, 2023, at 11:14 PM, william@thinktankworkspaces.com wrote:
>
> Do we have any firewall tools? I would like to block some connections.
>
> I know you can tweak routing by messing with /net/ipifc/clone
>
> Just wanted to know if we have any other ways to block conncetions?
>
>
>
> Quoth Stanley Lieber <sl@stanleylieber.com>:
>> check out iwhois (documented in the tel man page).
>>
>> also: lookman dns.
>>
>> the existing tools are fairly manual and rudimentary.
>>
>> sl
there’s no generic firewall, but upas has some filtering options. smtpd(8) reads the file /mail/blocked for blocked addresses, and has the -k flag to block ip addresses manually. the validatesender script (called by upas) checks for a spamhaus file at /mail/lib/spamhaus. there are also ratfs(4) and scanmail(8), which provide more complex filtering mechanisms.
sl
[-- Attachment #2: Type: text/html, Size: 2240 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9front] dns tools
2023-01-30 4:59 ` Stanley Lieber
@ 2023-01-30 5:27 ` Jacob Moody
2023-01-31 6:41 ` william
1 sibling, 0 replies; 7+ messages in thread
From: Jacob Moody @ 2023-01-30 5:27 UTC (permalink / raw)
To: 9front
On 1/29/23 21:59, Stanley Lieber wrote:
> On Jan 29, 2023, at 11:14 PM, william@thinktankworkspaces.com wrote:
>>
>> Do we have any firewall tools? I would like to block some connections.
>>
>> I know you can tweak routing by messing with /net/ipifc/clone
>>
>> Just wanted to know if we have any other ways to block conncetions?
>>
>>
>>
>> Quoth Stanley Lieber <sl@stanleylieber.com>:
>>> check out iwhois (documented in the tel man page).
>>>
>>> also: lookman dns.
>>>
>>> the existing tools are fairly manual and rudimentary.
>>>
>>> sl
>
> there’s no generic firewall, but upas has some filtering options. smtpd(8) reads the file /mail/blocked for blocked addresses, and has the -k flag to block ip addresses manually. the validatesender script (called by upas) checks for a spamhaus file at /mail/lib/spamhaus. there are also ratfs(4) and scanmail(8), which provide more complex filtering mechanisms.
>
> sl
>
>
>
You can also use ipmux to sink hole connection using a filter like so:
; aux/dial 'impux!src=bad.ip | bad.ip.2' > /dev/null
You can see the full list of filter parameters in ip(3).
This only impacts incoming connections.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9front] dns tools
2023-01-30 4:59 ` Stanley Lieber
2023-01-30 5:27 ` Jacob Moody
@ 2023-01-31 6:41 ` william
2023-01-31 7:58 ` Steve Simon
1 sibling, 1 reply; 7+ messages in thread
From: william @ 2023-01-31 6:41 UTC (permalink / raw)
To: 9front
ratfs seems to be working. I'm not getting the mail locally, but they still keep trying
maat Jan 30 21:37:52 ehlo from 185.24.233.112 as ADMIN
maat Jan 30 21:37:52 Hung up on 185.24.233.112; claimed to be ADMIN
maat Jan 30 21:45:59 ehlo from 185.24.233.112 as ADMIN
maat Jan 30 21:45:59 Hung up on 185.24.233.112; claimed to be ADMIN
maat Jan 30 21:49:44 ehlo from 81.161.229.226 as WIN-CLJ1B0GQ6JP
maat Jan 30 21:49:44 Hung up on 81.161.229.226; claimed to be WIN-CLJ1B0GQ6JP
maat Jan 30 21:54:12 ehlo from 185.24.233.112 as ADMIN
maat Jan 30 21:54:12 Hung up on 185.24.233.112; claimed to be ADMIN
I could probably look into scanmail. I might also try blocking from linode, maybe look at some firewall features from
the provider.
Quoth Stanley Lieber <sl@stanleylieber.com>:
> On Jan 29, 2023, at 11:14 PM, william@thinktankworkspaces.com wrote:
> >
> > Do we have any firewall tools? I would like to block some connections.
> >
> > I know you can tweak routing by messing with /net/ipifc/clone
> >
> > Just wanted to know if we have any other ways to block conncetions?
> >
> >
> >
> > Quoth Stanley Lieber <sl@stanleylieber.com>:
> >> check out iwhois (documented in the tel man page).
> >>
> >> also: lookman dns.
> >>
> >> the existing tools are fairly manual and rudimentary.
> >>
> >> sl
>
> there’s no generic firewall, but upas has some filtering options. smtpd(8) reads the file /mail/blocked for blocked addresses, and has the -k flag to block ip addresses manually. the validatesender script (called by upas) checks for a spamhaus file at /mail/lib/spamhaus. there are also ratfs(4) and scanmail(8), which provide more complex filtering mechanisms.
>
> sl
>
>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [9front] dns tools
2023-01-31 6:41 ` william
@ 2023-01-31 7:58 ` Steve Simon
0 siblings, 0 replies; 7+ messages in thread
From: Steve Simon @ 2023-01-31 7:58 UTC (permalink / raw)
To: 9front
there is also greylisting in smtpd which can put off some bots.
if its a small selection of ip addresses, smtpd can be told to silently drop ip connections from these.
i have a modified ratfs which checks the remote dns name and rejects based on a pattern match. i also added a hex digit pattern (%). the idea was to reject all email from rdns names like:
line.%.%-adsl.verizon-west.com
this helped with everything else, but sadly i have (after about 15 years) given up receiving email on plan9 and use my isp. $work and kids don't leave enough time to fight the good email fight
-Steve
> On 31 Jan 2023, at 6:44 am, william@thinktankworkspaces.com wrote:
>
> ratfs seems to be working. I'm not getting the mail locally, but they still keep trying
>
> maat Jan 30 21:37:52 ehlo from 185.24.233.112 as ADMIN
> maat Jan 30 21:37:52 Hung up on 185.24.233.112; claimed to be ADMIN
> maat Jan 30 21:45:59 ehlo from 185.24.233.112 as ADMIN
> maat Jan 30 21:45:59 Hung up on 185.24.233.112; claimed to be ADMIN
> maat Jan 30 21:49:44 ehlo from 81.161.229.226 as WIN-CLJ1B0GQ6JP
> maat Jan 30 21:49:44 Hung up on 81.161.229.226; claimed to be WIN-CLJ1B0GQ6JP
> maat Jan 30 21:54:12 ehlo from 185.24.233.112 as ADMIN
> maat Jan 30 21:54:12 Hung up on 185.24.233.112; claimed to be ADMIN
>
> I could probably look into scanmail. I might also try blocking from linode, maybe look at some firewall features from
> the provider.
>
> Quoth Stanley Lieber <sl@stanleylieber.com>:
>>> On Jan 29, 2023, at 11:14 PM, william@thinktankworkspaces.com wrote:
>>>
>>> Do we have any firewall tools? I would like to block some connections.
>>>
>>> I know you can tweak routing by messing with /net/ipifc/clone
>>>
>>> Just wanted to know if we have any other ways to block conncetions?
>>>
>>>
>>>
>>> Quoth Stanley Lieber <sl@stanleylieber.com>:
>>>> check out iwhois (documented in the tel man page).
>>>>
>>>> also: lookman dns.
>>>>
>>>> the existing tools are fairly manual and rudimentary.
>>>>
>>>> sl
>>
>> there’s no generic firewall, but upas has some filtering options. smtpd(8) reads the file /mail/blocked for blocked addresses, and has the -k flag to block ip addresses manually. the validatesender script (called by upas) checks for a spamhaus file at /mail/lib/spamhaus. there are also ratfs(4) and scanmail(8), which provide more complex filtering mechanisms.
>>
>> sl
>>
>>
>>
>
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2023-01-31 8:02 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2023-01-30 1:52 [9front] dns tools william
2023-01-30 2:10 ` Stanley Lieber
2023-01-30 4:11 ` william
2023-01-30 4:59 ` Stanley Lieber
2023-01-30 5:27 ` Jacob Moody
2023-01-31 6:41 ` william
2023-01-31 7:58 ` Steve Simon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).