pattern matching in hosts.deny - Setup



  1. pattern matching in hosts.deny

    I want to block any hosts that have at least two numeric numbers at the
    3rd level of their host names, i.e., 181-8cc.xxx.com. Right now I have
    something like
    all: *0*.*.com
    all: *1*.*.com and so forth...

    But this will catch hosts with only one numeric number in its name, too.
    I'm wondering if it is possible to specify at least 2 numbers for a match,
    and if so, how? Thanks.


  2. Re: pattern matching in hosts.deny

    On Thu, 25 Oct 2007, in the Usenet newsgroup comp.os.linux.setup, in article
    , dayday@daydayday.info wrote:

    >I want to block any hosts that have at least two numeric numbers at
    >the 3rd level of their host names, i.e., 181-8cc.xxx.com.


    Understand that trying to block by _names_ is subject to DNS spoofing,
    and doesn't work when the id10t who is running the DNS server fails
    to configure PTR records for all systems.

    >Right now I have something like
    >all: *0*.*.com
    >all: *1*.*.com and so forth...
    >
    >But this will catch hosts with only one numeric number in its name, too.


    By classic 'regular expressions' - that is what you told it to do. The
    '*0*' means "contains _A_ zero followed by none or more of the same
    character" - so xxx0 is OK, as is xxx00, xxx000, xxx0000, and so on.

    >I'm wondering if it is possible to specify at least 2 numbers for a match,
    >and if so, how? Thanks.


    Why does this sound like a homework problem? Did you try *[0-9][0-9].*
    or *0+.* (and so on - you may need to escape the '+') or similar?

    Note that in the real world, this method of blocking is virtually useless.
    Please re-read the 'hosts_access'(5) man page, and pay attention to the
    logic of 'permitted' and 'blocked', and the fact that if not permitted
    in /etc/hosts.allow, AND not specifically blocked in /etc/hosts.deny,
    then the connection is allowed.

    You may find it easier to implement this bizarre logic in any standard
    firewall, but it's totally dependent on the DNS PTR records, and thus
    probably doomed to failure.

    Old guy
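
Added example, not part of either post: a Python sketch of the rule the question asks for (at least two digits in the third-level label) beside the ten one-digit wildcard patterns, plus a forward-confirmed reverse-DNS check for the PTR concern raised in the reply. The function names, the sample addresses and the use of `fnmatch` as a stand-in for the wildcard matching are assumptions.

```python
import socket
from fnmatch import fnmatchcase

# The question's approach: one shell-style pattern per digit 0-9 (fnmatch is a stand-in).
ONE_DIGIT_PATTERNS = [f"*{d}*.*.com" for d in range(10)]

def wildcard_hit(host):
    """True if any of the ten patterns matches; a single digit is enough."""
    return any(fnmatchcase(host.lower(), p) for p in ONE_DIGIT_PATTERNS)

def third_level_label(host):
    """Third label from the right, e.g. '181-8cc' for 181-8cc.xxx.com."""
    labels = host.lower().rstrip(".").split(".")
    return labels[-3] if len(labels) >= 3 else None

def two_digit_hit(host, min_digits=2):
    """True if the third-level label holds at least min_digits digits."""
    label = third_level_label(host)
    return label is not None and sum(c.isdigit() for c in label) >= min_digits

def forward_confirmed(ip, ptr=None, addrs=None):
    """Return the PTR name only if it resolves back to ip, else None."""
    ptr = ptr or (lambda a: socket.gethostbyaddr(a)[0])
    addrs = addrs or (lambda n: socket.gethostbyname_ex(n)[2])
    try:
        name = ptr(ip)
        return name if ip in addrs(name) else None
    except (OSError, LookupError):  # LookupError covers the dict stand-ins below
        return None

def decide(ip, ptr=None, addrs=None):
    """Apply the name rule only to names that survive forward confirmation."""
    name = forward_confirmed(ip, ptr, addrs)
    if name is None:
        return "unverified"  # missing or mismatched PTR: the name rule cannot apply
    return "deny" if two_digit_hit(name) else "allow"

# Constructed sample data (documentation addresses, not real hosts).
PTR = {
    "192.0.2.10": "181-8cc.xxx.com",
    "192.0.2.11": "mail1.xxx.com",
    "192.0.2.12": "181-8cc.xxx.com",  # PTR claims a name that does not map back
}
A = {"181-8cc.xxx.com": ["192.0.2.10"], "mail1.xxx.com": ["192.0.2.11"]}

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"):
        print(ip, decide(ip, PTR.__getitem__, A.__getitem__))
```

Called without the `ptr` and `addrs` arguments, `decide` uses the system resolver instead of the constructed tables.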
