Yes but, pr0n sites are not necessarily malware sites or vice versa. Yes, pr0n sites are often malware sites, but they aren't the same thing.

...Tim

From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 18, 2008 10:30 AM
To: NT System Admin Issues
Subject: Re: DNS Wildcard zones for malware protection

Times have changed. pr0n is its own category. There are almost 50 separate categories now.

On Tue, Mar 18, 2008 at 9:54 AM, Tim Evans <[EMAIL PROTECTED]> wrote:

The problem with OpenDNS is that their filtering is for pron, and similar listings. malwaredomains.com <http://www.malwaredomains.com/> lists domains known to be serving malware, and I don't see any similar category on OpenDNS. I checked a few random domains from their lists and OpenDNS didn't block them. That's too bad, because that would be an ideal solution.

...Tim

From: Roger Wright [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2008 7:05 PM
To: NT System Admin Issues
Subject: RE: DNS Wildcard zones for malware protection

OpenDNS provides filtering by category now. Could you perhaps integrate that into your DNS strategy?

Roger Wright
Network Administrator
727.572.7076 x388
____
Fisherman's Credo: Fillet and Release.

From: Tim Evans [mailto:[EMAIL PROTECTED]
Sent: Monday, March 17, 2008 7:40 PM
To: NT System Admin Issues
Subject: DNS Wildcard zones for malware protection

I've been looking at www.malwaredomains.com <http://www.malwaredomains.com/> and thinking about setting up a block list using their list of malicious domains. I'm thinking about doing this by setting up a wildcard zone for each domain on our DNS server. Right now, the list has almost 20,000 domains.

We're running Windows 2003 domain & forest functional mode, with AD integrated zones. Our DNS servers are for internal use only and are not publicly accessible.
Here is the batch file I'm planning to use:

rem %server% must already be set to the name of the DNS server
wget http://www.malwaredomains.com/files/domains.txt
rem Skip # comment lines and keep the first token (the domain) of each line
for /F "eol=# tokens=1 " %%f in (domains.txt) do @echo %%f >>file.txt
rem Create a forest-wide AD-integrated zone per domain, then a wildcard A record to loopback
for /F %%f in (file.txt) do dnscmd %server% /zoneadd %%f /DsPrimary /DP /forest
for /F %%f in (file.txt) do dnscmd %server% /recordadd %%f * A 127.0.0.1

Some questions:

- Is there a more efficient way to block these domains (we also have ISA 2006)?
- Is there a downside to having all that many domains on our DNS servers?
- Any other words of wisdom or warnings before I try this?

Thanks.

...Tim

--
ME2
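An added example, not part of the thread or any poster's code: because the batch file turns every line of a downloaded list into an AD-integrated zone, this Python script vets the list first (hostname syntax, duplicates, and a protected-suffix check so a bad entry cannot shadow an internal zone) and then emits the same two dnscmd commands. The sample list, `corp.example` and the server name `dns01` are constructed placeholders.

```python
import re

# Constructed sample (not real list data): '#' comments, domain as first token.
SAMPLE_LIST = """\
# constructed sample
\t\tbad-site.example\tmalware
\t\tBAD-SITE.example\tmalware
\t\tcorp.example\tmalware
\t\tmail.corp.example\tphishing
\t\tevil.example&del\tmalware
\t\tlocalhost\tmalware
"""

# Assumption: internal zones that a block zone must never shadow (placeholder).
PROTECTED = ("corp.example",)
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def is_valid_domain(name):
    """Two or more labels, letters/digits/hyphens only, so nothing odd reaches dnscmd."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)

def is_protected(name):
    return any(name == p or name.endswith("." + p) for p in PROTECTED)

def parse_blocklist(text):
    """Return (accepted, rejected) domain lists, lower-cased and de-duplicated."""
    accepted, rejected, seen = [], [], set()
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        name = tokens[0].lower().rstrip(".")
        if name in seen:
            continue
        seen.add(name)
        ok = is_valid_domain(name) and not is_protected(name)
        (accepted if ok else rejected).append(name)
    return accepted, rejected

def dnscmd_lines(domains, server):
    """Emit the two dnscmd commands from the thread's batch file per domain."""
    out = []
    for d in domains:
        out += [f"dnscmd {server} /zoneadd {d} /DsPrimary /DP /forest",
                f"dnscmd {server} /recordadd {d} * A 127.0.0.1"]
    return out

if __name__ == "__main__":
    print("\n".join(dnscmd_lines(parse_blocklist(SAMPLE_LIST)[0], "dns01")))
```

Reviewing the rejected list before each import shows when the feed starts carrying entries that would have blocked an internal name or broken the command line.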
