Friday, August 15, 2008

DNS Blackhole for Smoothwall

DNS Blackhole for Smoothwall 3.0 available at Emerging Threats:
This is the most comprehensive DNS blacklist available. These files allow you to blacklist malicious domains by name. This is particularly useful because of the frequency with which the enemy changes the IP addresses of malware domains in an effort to evade IP blocking.

* config-hosts: 175,550 organized crime, RBN affiliates, malware hosts and bad actors blacklisted for Smoothwall 3. Leave last line blank. Place in /var/smoothwall/hosts/, then rename config-hosts to config. Updated 8-14-2008.
http://doc.emergingthreats.net/pub/Main/HoneywallSamples/config-hosts

* hosts: Protect your home from 175,550 bad domains for Smoothwall 3; placed in /var/smoothwall/hosts/. Note: with this many objects in BlackHole, you must use local loopback. Update 8-14-2008: added 3,000 new malware domains.
http://doc.emergingthreats.net/pub/Main/HoneywallSamples/hosts

For effective protection, you should use anti-spyware and anti-virus products in addition to IP blocking and DNS blacklisting.

I maintain the Snort Config Samples Project at Emerging Threats. Visit http://doc.emergingthreats.net/bin/view/Main/HoneywallSamples for more information.