Sunday, June 20, 2010

DNS sinkhole ISO image

Guy Bruneau has created a DNS sinkhole ISO image, available for 32-bit and 64-bit.
The sinkhole uses 3 public lists of known bad domains (Malware Domain Blocklist, Zeus Tracker, and SRI malware list).
A step-by-step guide is available here.

I will be waiting for other lists to be added, such as Phishtank, GoogleSafeBrowsing, XSSED, and others.

DNS can be used effectively to detect and prevent infection inside a network, for example by checking the cached entries on your DNS servers for bad hosts.
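
As an added example (not from the original post or from the sinkhole project), the Python code below checks an exported DNS cache against a blocklist, matching on label boundaries so that subdomains of a listed domain are caught and look-alike names are not. It assumes the cache is exported as zone-file-style text (owner, TTL, class, type, data), as BIND's `rndc dumpdb -cache` writes, and a one-domain-per-line blocklist; all sample data and function names are constructed for illustration.

```python
# Constructed blocklist: one domain per line, '#' comments (not real indicators).
SAMPLE_BLOCKLIST = """\
# constructed sample entries
bad-domain.example
c2.malware.test
"""

# Constructed cache dump, zone-file style: owner TTL class type rdata.
SAMPLE_CACHE_DUMP = """\
; answer
www.example.org.           3200 IN A     192.0.2.10
update.bad-domain.example. 120  IN A     198.51.100.7
                           120  IN AAAA  2001:db8::7
notbad-domain.example.     600  IN A     192.0.2.55
C2.Malware.Test.           60   IN CNAME host.invalid.
"""

def load_blocklist(text):
    """Return a set of lowercase domains without trailing dots."""
    entries = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return {e.lower().rstrip(".") for e in entries if e}

def blocked_parent(name, blocklist):
    """Return the listed domain that name equals or is a subdomain of, else None."""
    labels = name.lower().rstrip(".").split(".")
    candidates = (".".join(labels[i:]) for i in range(len(labels)))
    return next((c for c in candidates if c in blocklist), None)

def scan_cache(dump_text, blocklist):
    """Return (owner, rtype, rdata, matched_domain) for cached records that hit."""
    hits, owner = [], None
    for line in dump_text.splitlines():
        if not line.strip() or line.lstrip().startswith((";", "$")):
            continue  # blank line, comment, or $DATE/$TTL-style directive
        fields = line.split()
        if not line[0].isspace():  # line starts with an owner name
            owner, fields = fields[0].rstrip(".").lower(), fields[1:]
        if owner is None or len(fields) < 4:
            continue  # continuation without an owner, or a malformed record
        matched = blocked_parent(owner, blocklist)
        if matched:
            hits.append((owner, fields[2], " ".join(fields[3:]), matched))
    return hits

if __name__ == "__main__":
    for hit in scan_cache(SAMPLE_CACHE_DUMP, load_blocklist(SAMPLE_BLOCKLIST)):
        print(hit)
```

A cache hit only shows that some client resolved the name; identifying which client asked requires the resolver's query logs.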

I do not know exactly whether vendors are implementing such DNS filtering in their products, maybe at the IPS level.

Check this clarification on tracking the clients.

Here is an updated detailed paper from Guy Bruneau.