[unisog] spyware control through black-hole DNS
BACHAND, Dave (Info. Tech. Services)
BachandD at easternct.edu
Wed Feb 1 14:05:58 GMT 2006
We haven't done this, but have blocked certain types of spyware via the
network. Our experience is that some types of spyware hijack the
browser so efficiently that the student's computer becomes unusable if
you block the traffic... Seems to me it was I WON or 180 that did this.
Of course it DOES become a self limiting problem at that point :-)
Data Network Manager
Information Technology Services
Eastern Connecticut State University
83 Windham Street
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Russell Fulton
Sent: Tuesday, January 31, 2006 5:04 PM
To: unisog at lists.sans.org
Subject: [unisog] spyware control through black-hole DNS
The URL below describes one approach to dealing with spyware.
We are thinking of trialing this on our campus DNS servers. Has anyone
else done this? Any gotchas that you can think of?
This would not be a stand-alone approach to the problem -- we would
still continue to use antispyware software where necessary and continue
to use snort to monitor spyware and adware activity.