Malware was the original thread subject, so it seemed implied. If their phishing category is intended to include malware distribution sites, it isn't as complete as the other list.
...Tim From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 18, 2008 10:58 AM To: NT System Admin Issues Subject: Re: DNS Wildcard zones for malware protection Who ever said they were? I was only clarifying that pr0n is its own category. I made no connections to or with malware. I believe "malware" applies to their "phishing" category. On Tue, Mar 18, 2008 at 1:53 PM, Tim Evans <[EMAIL PROTECTED]> wrote: Yes but, pr0n sites are not necessarily malware sites or vice versa. Yes, pr0n sites are often malware sites, but they aren't the same thing ...Tim From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 18, 2008 10:30 AM To: NT System Admin Issues Subject: Re: DNS Wildcard zones for malware protection Times ave changed. pr0n is its own category. There are almost 50 seperate categories now. On Tue, Mar 18, 2008 at 9:54 AM, Tim Evans <[EMAIL PROTECTED]> wrote: The problem with Openness is that their filtering is for pron, and similar listings. malwaredomains.com <http://www.malwaredomains.com/> lists domains known to be serving malware, and I don't see any similar category on OpenDNS. I checked a few random domains from their lists and OpenDNS didn't block them. That's too bad, because that would be an ideal solution. ...Tim From: Roger Wright [mailto:[EMAIL PROTECTED] Sent: Monday, March 17, 2008 7:05 PM To: NT System Admin Issues Subject: RE: DNS Wildcard zones for malware protection OpenDNS provides filtering by category now. Could you perhaps integrate that into your DNS strategy? Roger Wright Network Administrator 727.572.7076 x388 ____ Fisherman's Credo: Fillet and Release. From: Tim Evans [mailto:[EMAIL PROTECTED] Sent: Monday, March 17, 2008 7:40 PM To: NT System Admin Issues Subject: DNS Wildcard zones for malware protection I've been looking at HYPERLINK "http://www.malwaredomains.com <http://www.malwaredomains.com/> "www.malwaredomains.com <http://www.malwaredomains.com/> and thinking about setting up a block list using their list of malicious domains. I'm thinking about doing this by setting up a wildcard zone for each domain on our DNS server. Right now, the list has almost 20,000 domains. We're running Windows 2003 domain & forest functional mode, with AD integrated zones. Our DNS servers are for internal use only and are not publicly accessible. Here is the batch file I'm planning to use: wget http://www.malwaredomains.com/files/domains.txt for /F "eol=# tokens=1 " %%f in (domains.txt) do @echo %%f >>file.txt for /F %%f in (file.txt) do dnscmd %server% /zoneadd %%f /DsPrimary /DP /forest for /F %%f in (file.txt) do dnscmd %server% /recordadd %%f * A 127.0.0.1 <http://127.0.0.1/> Some questions: -Is there a more efficient way to block these domains (we also have ISA 2006)? -Is there a downside to having all that many domains on our DNS servers? -any other words of wisdoms or warnings before I try this? Thanks. ...Tim -- ME2 -- ME2 ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
