[Dshield] Spyware Blacklist
mtombaugh at alliedcc.com
Fri Jun 13 03:26:11 GMT 2003
On Thursday 12 June 2003 9:12 pm, Chateauneuf wrote:
> I'm a bit confused. If you are trying to block ads and banners, you can
> do that with a Bind null zone. This site updates their blacklist every
> few days and it works great for me.
> I use the Bind null zones export but you can also export into IPchains
> commands. I'd be interested to know which is a better use of resources
> in Linux.
Thanks for the replies. These links are perfect for null routing, but I'm not
trying to block ads, they are relatively harmless. My goal is to keep browser
hijackers, data miners, etc off of workstations. Null routing them works fine
on most networks, but small lans that use external dns servers means lots of
hosts files, lots of updates etc. Im looking for the registered netblocks of
spyware distros to block at the perimeter, as well as the ranges that
distribute the adware itself.
Recently, I've seen more Windows machines than not running adware, some
causing 3 to 4 browser popups with every new window . It bothers me to sit
down at a workstation with no open windows, run netstat, and see a couple
connections to gator or xupiter or anything for that matter. Plus, its
expensive for everyone to clean this crud so I would rather just keep it out.
More information about the list