On Thu, 9 Nov 1995, Ralph Mitchell wrote:
> Then how about putting an entry in my internal DNS that points sex.com to
> either a non-existent internal address or to something like a PC running
> Linux+httpd with a single web page that says "Gotcha !" ?? The outside
> world can't see my internal DNS so I won't be polluting anyone else's DNS...

I missed the original, so I could be off on a completely different
tangent.

Are you applying this to all client applications on your site, so are
therefore looking to prevent all connections to a given site? In which
case, can you not alter the packet filter rules (providing you have a
filter)?

And if you're just talking about WWW, then how about altering the source
code to filter out URLs that contain keywords that you put in a lookup
table. You could filter by protocol, hostname or pathname. OK extra code
= extra possibility of bugs, but it seems straightforward enough to me
(although I've never tried it :-).

--
Dave Roberts, Unix Systems Administrator, SAA Consultants Ltd, Plymouth, UK.
"smap has the advantage [over bare sendmail] that it was written by someone
who is almost certifiably paranoid" - Brent Chapman, London, 19 Oct 95.
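
The lookup-table URL filter suggested in the message above, sketched as an added example (not code from the poster or from any particular proxy). The table entries, the function names and the sample URLs are constructed for illustration; the check normalises each URL before matching and fails closed on input it cannot parse.

```python
from urllib.parse import urlsplit, unquote

# Constructed lookup table (hypothetical entries, not from the original post).
BLOCK_TABLE = {
    "scheme": {"gopher"},     # filter by protocol
    "host": {"sex.com"},      # filter by hostname: the domain and its subdomains
    "path": {"/warez/"},      # filter by pathname: substring of the decoded path
}

def _host_matches(host, blocked):
    """True if host equals a blocked domain or is a subdomain of it.
    A plain substring test would also block unrelated names such as essex.com."""
    return any(host == b or host.endswith("." + b) for b in blocked)

def check_url(url, table=BLOCK_TABLE):
    """Return (allowed, reason) for one requested URL."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "unparseable"            # fail closed on malformed input
    scheme = parts.scheme.lower()
    # urlsplit lowercases the hostname; drop the trailing dot of a rooted name.
    host = (parts.hostname or "").rstrip(".")
    # Decode %xx escapes and fold case so encoded keywords still match.
    path = unquote(parts.path).lower()
    if not scheme or not host:
        return False, "unparseable"
    if scheme in table["scheme"]:
        return False, "scheme:" + scheme
    if _host_matches(host, table["host"]):
        return False, "host:" + host
    for key in table["path"]:
        if key in path:
            return False, "path:" + key
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample requests.
    for u in ("HTTP://WWW.SEX.COM./index.html", "http://essex.com/",
              "http://example.org/%57AREZ/a", "gopher://example.org/"):
        print(u, check_url(u))
```

A request made by IP address never touches the hostname table, which is where the packet filter rules mentioned in the message still have to do the work.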