[unisog] spyware control through black-hole DNS

Isac Balder piis8 at yahoo.com
Wed Feb 1 15:10:57 GMT 2006

We do not have one here; however, my last job for a
mega-corporate entity used a blackhole router and it
was a very nice heads up to new virus infections.  As
for anti-spyware I'm not sure if that would be as

Blackhole routers as I understand them (or at least as
it was used at my previous job) rely on the address
to be "non-routable" to your internal network.
Spyware sending most of its traffic over port 80
would still get routed through the proxy, correct?
Then again I may be wrong.

--- Russell Fulton <r.fulton at auckland.ac.nz> wrote:

> Hi All,
> 	the url below describes one approach to dealing
> with spyware.
> http://www.bleedingsnort.com/blackhole-dns/
> We are thinking of trialing this on our campus dns
> servers.  Has anyone
> else done this? Any gotchas that you can think of?
> This would not be a stand alone approach to the
> problem -- we would
> still continue to use antispyware software where
> necessary and continue
> to use snort to monitor spyware and adware activity.
> Russell Fulton
> _______________________________________________
> unisog mailing list
> unisog at lists.sans.org
> http://www.dshield.org/mailman/listinfo/unisog


"Say hello to all the apples on the ground"
