[unisog] spyware control through black-hole DNS

BACHAND, Dave (Info. Tech. Services) BachandD at easternct.edu
Wed Feb 1 14:05:58 GMT 2006


We haven't done this, but have blocked certain types of spyware via the
network.  Our experience is that some types of spyware hijack the
browser so efficiently that the student's computer becomes unusable if
you block the traffic... Seems to me it was I WON or 180 that did this.
Of course it DOES become a self limiting problem at that point :-)

Dave Bachand
Data Network Manager
Information Technology Services
Eastern Connecticut State University
83 Windham Street
Willimantic, CT
Tel. (860)465-5376

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Russell Fulton
Sent: Tuesday, January 31, 2006 5:04 PM
To: unisog at lists.sans.org
Subject: [unisog] spyware control through black-hole DNS

Hi All,
	the URL below describes one approach to dealing with spyware.


We are thinking of trialling this on our campus DNS servers.  Has anyone
else done this? Any gotchas that you can think of?

This would not be a stand-alone approach to the problem -- we would
still continue to use antispyware software where necessary and continue
to use snort to monitor spyware and adware activity.

Russell Fulton
