I am out of the office October 1st & 2nd and will respond to your message as 
quickly as possible once I return.

Amanda

On Oct 1, 2018, at 5:39 AM, daniela daniela via Unbound-users 
<[email protected]> wrote:

> This is a very serious problem. I would like insight as well. 
> I have noticed in my logs such activity, e.g. from cloudfront.net and others. 
> 
> There is no silver bullet, we all know that. The domains hosting malicious 
> programs (and their social engineering) should as far as possible not be 
> reachable from the machines, and programs should not be able to install in a 
> straightforward manner anyway. The known bad IP ranges should be dropped. The 
> questionable domains should be DNS blackholed. And then what? The well known 
> domains? What shall we do, cut off most of the internet? One may as well pull 
> the plug, it’s faster. 
> 
> Sometimes I wonder if in a few years we will be back to a hosts file with the 
> few thousands of relatively trustworthy hosts we care for. Then again, who 
> knows what the next machine does. My packets have to hop to a next machine, I 
> don't control the internet :( 
> 
> On Monday, October 1, 2018, Chris via Unbound-users 
> <[email protected]> wrote:
> I was reading a disturbing article on ways that DNS can be used to get data 
> past firewalls and for malicious programs to communicate with a command and 
> control center via DNS NXDOMAIN.
> 
> Right off hand I don't see a way to block this? Looking at my NXDOMAIN 
> lookups it's quite pervasive and coming from a large number of sources. It's 
> clearly being used by A LOT of people.
> 
> Is there a way I can use Unbound to mitigate this threat? This is a serious 
> issue because I don't see how to block this.
> 
> https://www.plixer.com/blog/detecting-malware/security-vendors-teaching-bad-actors-how-to-get-past-firewalls/
> 
> 
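
A way to triage the NXDOMAIN lookups discussed in the quoted messages, added here as an example; it is not part of the thread and not an Unbound feature. It flags clients that request many distinct, random-looking names under one parent domain. The log layout, the thresholds and every sample line are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample; assumed layout "client qname qtype class rcode".
SAMPLE_LOG = """\
10.0.0.5 a1b2c3d4e5f6g7h8.tunnel.example. A IN NXDOMAIN
10.0.0.5 q9w8e7r6t5y4u3i2.tunnel.example. A IN NXDOMAIN
10.0.0.5 z0x1c2v3b4n5m6k7.tunnel.example. A IN NXDOMAIN
10.0.0.5 p3o4i5u6y7t8r9e0.tunnel.example. A IN NXDOMAIN
10.0.0.7 www1.intranet.example. A IN NXDOMAIN
10.0.0.7 www2.intranet.example. A IN NXDOMAIN
10.0.0.7 www3.intranet.example. A IN NXDOMAIN
10.0.0.7 www4.intranet.example. A IN NXDOMAIN
10.0.0.9 wwww.corp.example. A IN NXDOMAIN
10.0.0.9 www.corp.example. A IN NOERROR
"""

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def suspicious_nxdomain(log_text, min_unique=4, min_entropy=3.0):
    """Return (client, parent, unique_names, mean_entropy) for noisy pairs."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[4] != "NXDOMAIN":
            continue  # only failed lookups matter here
        client, labels = fields[0], fields[1].rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # nothing to the left of the parent domain
        # Simplification: parent = last two labels (no public-suffix list).
        seen[(client, ".".join(labels[-2:]))].add(".".join(labels[:-2]))
    findings = []
    for (client, parent), subs in sorted(seen.items()):
        mean_h = sum(entropy(s) for s in subs) / len(subs)
        # Many distinct, random-looking names under one parent is the signal;
        # typos and stale hostnames fail one of the two thresholds.
        if len(subs) >= min_unique and mean_h >= min_entropy:
            findings.append((client, parent, len(subs), round(mean_h, 2)))
    return findings

if __name__ == "__main__":
    for finding in suspicious_nxdomain(SAMPLE_LOG):
        print(finding)
```

The thresholds are starting points; CDN and anti-virus lookups also produce long random-looking names, so results need review before anything is blocked.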
