[unisog] spyware control through black-hole DNS

Isac Balder piis8 at yahoo.com
Wed Feb 1 15:10:57 GMT 2006


We do not have one here; however, my last job for a
mega-corporate entity used a blackhole router and it
was a very nice heads-up to new virus infections.  As
for anti-spyware, I'm not sure if that would be as
effective.

Blackhole routers as I understand them (or at least as
they were used at my previous job) rely on the address
being "non-routable" to your internal network.
Spyware sending most of its traffic over port 80
would still get routed through the proxy, correct?
Then again I may be wrong.



--- Russell Fulton <r.fulton at auckland.ac.nz> wrote:

> Hi All,
> the URL below describes one approach to dealing
> with spyware.
> 
> http://www.bleedingsnort.com/blackhole-dns/
> 
> We are thinking of trialing this on our campus dns
> servers.  Has anyone
> else done this? Any gotchas that you can think of?
> 
> This would not be a standalone approach to the
> problem -- we would
> still continue to use antispyware software where
> necessary and continue
> to use snort to monitor spyware and adware activity.
> 
> Russell Fulton


I.B.

"Say hello to all the apples on the ground"
