Re: DNS poisoning block list?

From: Jem Berkes (jb_at_users.pc9.org)
Date: 04/06/05


Date: 6 Apr 2005 04:54:58 GMT


> What I had in mind was that if there were an updated list (maybe the
> list at SANS would be fine?) of the mal-sites seen in the poisoning
> thing, I could automatically retrieve the list and generate iptables
> firewall rules that would block OUTGOING GET requests to those sites.
> Is this necessary, advisable, possible, already done...? I don't
> know. That's my question.

I would take one of the known malware sites and plug it into
www.dnsstuff.com

See if it shows up on any blocklists. If there's a blocklist that seems to
be getting them (I would guess AHBL, CBL, Spamhaus) then you could use that
blocklist. They should be available via rsync, if you ask the right guy.

-- 
Jem Berkes
Software design for Windows and Linux/Unix-like systems
http://www.sysdesign.ca/
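
The rule-generation step asked about in the quoted question, as an added example that is not part of the original thread. It assumes the retrieved list holds one IPv4 address per line; the chain name and the sample list are constructed for illustration, and the script only prints commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: turn a retrieved blocklist into iptables commands for review.
# Assumes one IPv4 address per line; iptables matches address and port, not the
# HTTP method, so each rule rejects all outgoing TCP/80 to that address.

CHAIN="BLOCKLIST_OUT"  # hypothetical chain, created and hooked from OUTPUT by the admin

gen_block_rules() {
    # stdin: blocklist text; stdout: one iptables command per accepted address
    awk -v chain="$CHAIN" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }      # drop comments and whitespace
        $0 == "" { next }
        # Strict dotted quad only: list content must never reach the shell as syntax
        $0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { bad++; next }
        {
            split($0, o, ".")
            for (i = 1; i <= 4; i++)
                if (length(o[i]) > 3 || o[i] + 0 > 255) { bad++; next }
            a = o[1] + 0; b = o[2] + 0
            # Refuse loopback, private, link-local and multicast ranges so a bad
            # list cannot cut the host off from its own network
            if (a == 0 || a == 10 || a == 127 || a >= 224 ||
                (a == 169 && b == 254) || (a == 192 && b == 168) ||
                (a == 172 && b >= 16 && b <= 31)) { bad++; next }
            ip = a "." b "." (o[3] + 0) "." (o[4] + 0)
            if (seen[ip]++) next                     # skip duplicates
            print "iptables -A " chain " -d " ip " -p tcp --dport 80 -j REJECT"
        }
        END { if (bad) print bad " entries skipped" > "/dev/stderr" }
    '
}

sample_list() {
    # Constructed sample input (documentation address ranges), not real list data
    cat <<'EOF'
# constructed sample blocklist
192.0.2.10
198.51.100.7   # trailing comment
192.0.2.10
10.0.0.1
203.0.113.5; echo injected
999.1.1.1
www.example.com
EOF
}

sample_list | gen_block_rules
```

Hostnames are skipped on purpose: resolving names taken from a list that tracks a DNS poisoning incident would depend on the very resolver under suspicion.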