Sunday, June 20, 2010

DNS sinkhole ISO image

Guy Bruneau has created a DNS sinkhole ISO image, available for 32-bit and 64-bit.
The sinkhole uses three public lists of known bad domains (Malware Domain Blocklist, Zeus Tracker, and SRI malware list).
A step-by-step guide is available here.

I will be waiting for other lists to be added, such as Phishtank, GoogleSafeBrowsing, XSSED, and others.

DNS can be used effectively to detect and prevent infection inside a network, for example by checking the cached entries on your DNS servers for bad hosts.
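The cache check described above, as an added example that is not part of the original post or of the sinkhole image. It assumes the resolver cache has been exported as text in master-file style (owner, TTL, optional class, type, rdata), which is an assumption about your DNS server; all function names, the blocklist and the cache dump are constructed for illustration.

```python
# Added example: flag cached DNS names found on a bad-domain list (constructed data).
SAMPLE_BLOCKLIST = """\
# constructed blocklist, one domain per line
badhost.example
c2.malware.test
"""

SAMPLE_CACHE_DUMP = """\
; constructed cache dump: owner TTL [class] type rdata
www.example.com.        3000  IN A      192.0.2.10
update.badhost.example. 120   IN A      203.0.113.5
                        120   IN AAAA   2001:db8::5
notbadhost.example.     300   IN A      198.51.100.7
C2.Malware.Test.        60    A         203.0.113.9
"""

def load_blocklist(text):
    """Return a set of lower-cased domains, ignoring '#' comments and blanks."""
    lines = (l.split("#", 1)[0].strip().lower().rstrip(".") for l in text.splitlines())
    return {l for l in lines if l}

def cached_names(dump_text):
    """Yield (owner, rtype, rdata); a line with a blank owner inherits the previous one."""
    owner = None
    for line in dump_text.splitlines():
        if not line.strip() or line.lstrip().startswith((";", "$")):
            continue  # blank line, comment, or directive
        fields = line.split()
        if not line[0].isspace():
            owner = fields.pop(0).lower().rstrip(".")
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)  # skip TTL and optional class
        if owner and fields:
            yield owner, fields[0].upper(), " ".join(fields[1:])

def matches(name, blocklist):
    """Return the listed domain equal to name or a parent of it (label boundaries only)."""
    labels = name.split(".")
    suffixes = (".".join(labels[i:]) for i in range(len(labels)))
    return next((s for s in suffixes if s in blocklist), None)

def find_bad_cache_entries(dump_text, blocklist_text):
    blocklist = load_blocklist(blocklist_text)
    records = ((o, t, d, matches(o, blocklist)) for o, t, d in cached_names(dump_text))
    return [r for r in records if r[3]]

if __name__ == "__main__":
    for hit in find_bad_cache_entries(SAMPLE_CACHE_DUMP, SAMPLE_BLOCKLIST):
        print("%s %s %s (listed as %s)" % hit)
```

Matching on label boundaries keeps `notbadhost.example` from being reported just because it ends with the string `badhost.example`.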

I do not know exactly whether vendors are implementing such DNS filtering in their products, maybe at the IPS level.

Update:
Check this clarification on tracking the clients.

Update:
Here is an updated detailed paper from Guy Bruneau.
