[Dshield] Spyware Blacklist

Mark Tombaugh mtombaugh at alliedcc.com
Fri Jun 13 03:26:11 GMT 2003

On Thursday 12 June 2003 9:12 pm, Chateauneuf wrote:
> I'm a bit confused. If you are trying to block ads and banners, you can
> do that with a Bind null zone. This site updates their blacklist every
> few days and it works great for me.
> http://pgl.yoyo.org/adservers/
> I use the Bind null zones export but you can also export into IPchains
> commands.  I'd be interested to know which is a better use of resources
> in Linux.

Thanks for the replies. These links are perfect for null routing, but I'm not 
trying to block ads, they are relatively harmless. My goal is to keep browser 
hijackers, data miners, etc off of workstations. Null routing them works fine 
on most networks, but small lans that use external dns servers means lots of 
hosts files, lots of updates etc. Im looking for the registered netblocks of 
spyware distros to block at the perimeter, as well as the ranges that 
distribute the adware itself.

Recently, I've seen more Windows machines than not running adware, some 
causing 3 to 4 browser popups with every new window . It bothers me to sit 
down at a workstation with no open windows, run netstat, and see a couple 
connections to gator or xupiter or anything for that matter. Plus, its 
expensive for everyone to clean this crud so I would rather just keep it out.

More information about the list mailing list