Thursday, November 4, 2010

DNS Blackhole for Smoothwall

Lance Corporal Albert Miranda, Lance Corporal David Burdwell, and platoon Lieutenant Alec Bodenwiser hold Khe Sanh

USMC Lance Corporal Albert Miranda, Lance Corporal David Burdwell, and platoon Lieutenant Alec Bodenwiser hold Khe Sanh.

(photograph by David Douglas Duncan)


We now have 136,129 unsavory domains blackened. Russian and Ukrainian cyber criminals are in our sights, and should give it up.

You can get the (free) DNS Blackhole for Smoothwall files at:
config
hosts

Edit hosts to match your LAN, and place these files in /var/Smoothwall/hosts/.

If you use the Bind or Mara DNS servers, the best DNS Black Hole resource is David Glosser's Malware Domains.

Smoothwall performs IP blocking as well. Here is an IP block configuration file that blocks access to the most malware-laden networks and dedicated criminal hosting. Stealth malware often reports user data back to these networks:
ip-config

Change the name to config, and place in /var/Smoothwall/ipblock/.

James McQuaid
11-17-2010