
How do I block all ips of the yahoo.com network?


john99999

How do I block all ips of the yahoo.com network (yahoo.com and all subdomains of yahoo)?

I want to block them at the firewall so no one can access them.

How do I find out what they are?
 
I would use nslookup or dig to figure out to what address(es) resolves. Then I would take those addresses to the ARIN whois lookup and find out to what netblocks that/those addresses belong. You may have to follow the address registrations to the RIPE whois, APNIC whois, LACNIC whois, or AFRINIC whois to get the netblock information for each address.

If any of these whois entries lists a domain name server or other FQDN, look up the addresses of those servers and check those numbers with ARIN, RIPE, etc.

Just to be paranoid, I might perform an nslookup for MX records for yahoo.com, perform network center whois queries against those addresses and get their netblocks.

Further paranoia might induce me to perform checks similar to all of the above for yahoo.fr and yahoo.jp, too.

Then I would block all those netblocks in my iptables firewall.


Want the best answers? Ask the best questions!

TANSTAAFL!!
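The whois-to-iptables step of the procedure in the answer above, as an added example that is not part of the original post: it parses whois responses in both the ARIN (`CIDR:`) and RIPE-style (`inetnum:` range) layouts, merges the netblocks, and emits one rule per merged block. The whois text is constructed from documentation address ranges, and the `FORWARD` chain and `REJECT` target are assumptions about a gateway firewall.

```python
import ipaddress
import re

# Constructed whois excerpts (documentation ranges, not real registrations).
ARIN_SAMPLE = """\
NetRange:       198.51.100.0 - 198.51.100.255
CIDR:           198.51.100.0/24
OrgName:        Example Org
"""
RIPE_SAMPLE = """\
inetnum:        203.0.113.0 - 203.0.113.127
netname:        EXAMPLE-NET
"""
RIPE_SAMPLE_2 = """\
inetnum:        203.0.113.128 - 203.0.113.255
netname:        EXAMPLE-NET-2
"""

RANGE_RE = re.compile(r"^(?:NetRange|inetnum):\s*(\S+)\s*-\s*(\S+)\s*$", re.M | re.I)
CIDR_RE = re.compile(r"^CIDR:\s*(.+)$", re.M | re.I)


def netblocks_from_whois(text):
    """Return the networks named in one whois response."""
    nets = []
    # ARIN lists CIDR blocks directly (possibly several, comma-separated).
    for line in CIDR_RE.findall(text):
        nets += [ipaddress.ip_network(c.strip()) for c in line.split(",") if c.strip()]
    if nets:
        return nets
    # RIPE-style records give only a start-end range, which may need
    # several CIDR blocks to cover exactly.
    for first, last in RANGE_RE.findall(text):
        nets += ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last))
    return nets


def build_rules(whois_texts, chain="FORWARD"):
    """Merge all netblocks and emit one iptables rule per merged block."""
    nets = [n for t in whois_texts for n in netblocks_from_whois(t)]
    # iptables handles IPv4 only; IPv6 blocks would go to ip6tables instead.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    return [f"iptables -A {chain} -d {n} -j REJECT" for n in v4]


if __name__ == "__main__":
    for rule in build_rules([ARIN_SAMPLE, RIPE_SAMPLE, RIPE_SAMPLE_2]):
        print(rule)
```

The two adjacent /25 ranges collapse into a single /24 rule, which keeps the rule set short when a registrant holds many contiguous allocations.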
 
thedaver:
I tried asking Yahoo once. After several days of the "you might talk to [foo]" dance, I got nowhere.


TheGrey:
To the best of my knowledge, /etc/hosts.deny is only used by the tcpd daemon and a few other applications which are programmed to read it. I don't believe the kernel, which is the heart of the Linux firewall, pays any attention to it.


 
Why not use a proxy for this sort of stuff? Stick SQUID on your box and configure it to deny access to *.yahoo.com. Firewalls aren't really designed for managing access above Layer 3. A Layer 4+ filter is better for that. That's where Squid comes in.

Again, I would suggest you look at Smoothwall Express and its mods - Advanced WebProxy + DansGuardian + ClamAV + AdZapper. With this beastie fronting your network you're laughing. Even if you don't use the firewall elements of it, just having it as a web proxy works a dream as well. Then you can deny any machine on your internal network access to the Internet except for the Smoothwall box.

 