Over the weekend I've updated the DNS Blackhole and RBN IP List files to include blocking of the most recent malware sites (including the ASProx botnet). Updating your firewall will provide you with optimal protection:
Emerging Russian Business Network rules for Snort:
http://www.emergingthreats.net/rules/emerging-rbn.rules
Emerging Threats RBN Project page:
http://doc.emergingthreats.net/bin/view/Main/RussianBusinessNetwork
IP list as a text file (last update: 10-24-2009)
http://doc.emergingthreats.net/pub/Main/RussianBusinessNetwork/RussianBusinessNetworkIPs.txt
DNS Black Hole files for Smoothwall at Emerging Threats:
http://doc.emergingthreats.net/pub/Main/HoneywallSamples/config-hosts
http://doc.emergingthreats.net/pub/Main/HoneywallSamples/hosts
James McQuaid
10-25-2009
Friday, October 16, 2009
Don't Lose Your Bank Account: Bank on a Live CD
Brian Krebs has provided people who use online banking services with excellent advice: do your online banking only from a read-only, bootable operating system such as Knoppix or Ubuntu.
Brian's articles on this subject have been featured by both Slashdot and Google. He provides a tutorial on how to burn a live CD using Ashampoo Burning Studio Free. If you use Nero, my tutorial on burning ISO images may also be useful.
For those who do not wish to burn their own ISO image, the large bookstores now have Linux magazines available which include bootable Linux Live CDs.
James McQuaid
Sunday, October 11, 2009
Blocking the ASProx Fast Flux Botnet
With the IP addresses of the ASProx fast flux botnet changing between infected residential computers nearly daily, the only effective methods of blocking it are through the use of a DNS black hole or with Snort Inline.
Gary Warner provides an excellent write up on the botnet at his blog at: http://garwarner.blogspot.com/2009/10/cyber-security-awareness-month-day-one.html
Today, I updated the DNS Super Blackhole at emergingthreats.net. You can download the DNS Super Black Hole files for Smoothwall at Emerging Threats from: http://doc.emergingthreats.net/bin/view/Main/HoneywallSamples
* config-hosts (http://doc.emergingthreats.net/pub/Main/HoneywallSamples/config-hosts): 275,937 organized crime, RBN affiliates, malware hosts and bad actors blacklisted for Smoothwall 3. Leave last line blank. Place in /var/smoothwall/hosts/, then rename config-hosts to config. Updated 10-11-2009: added 9,116 cybercrime and malware domains identified since 6-20-2009.
* hosts (http://doc.emergingthreats.net/pub/Main/HoneywallSamples/hosts): Protect your home from 275,937 bad domains for Smoothwall 3; placed in /var/smoothwall/hosts/. Note: with this many objects in BlackHole, you must use local loopback (blacklisted domains must resolve to 127.0.0.1). Updated 10-11-2009. If you believe that your domain should not be listed, please let us know and we will review it for delisting.
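Before dropping a file of this size into /var/smoothwall/hosts/, it is worth checking that every entry actually sinks to 127.0.0.1, that no domain is listed twice, and that the file ends with the blank line the post asks for. The checker below is an added example, not code from this post or from Emerging Threats; it assumes the file is in standard /etc/hosts layout (address followed by one or more names), and the sample it parses is constructed here, not taken from the real list.

```python
import ipaddress
import re

# Constructed sample in /etc/hosts layout (assumption: the Smoothwall black
# hole file uses this layout). These names are placeholders, not list data.
SAMPLE_HOSTS = """127.0.0.1 localhost
127.0.0.1 bad-example.test
127.0.0.1 another-bad.example
0.0.0.0 wrong-sink.test
127.0.0.1 bad-example.test
this line is malformed
"""

# One DNS label per component, 63 chars max, whole name 253 chars max.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$",
    re.IGNORECASE,
)


def check_blackhole_hosts(text, sink="127.0.0.1"):
    """Validate a hosts-format DNS black hole file.

    Returns a dict with the number of distinct domains sunk to `sink`,
    entries that point somewhere other than the loopback sink, duplicate
    domains, malformed line numbers, and whether the file ends with a
    newline (the post says the last line must be left blank).
    """
    seen = set()
    result = {
        "domains": 0,
        "wrong_sink": [],
        "duplicates": [],
        "malformed": [],
        "ends_with_newline": text.endswith("\n"),
    }
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Strip trailing comments and surrounding whitespace; skip blank lines.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            result["malformed"].append(lineno)
            continue
        addr, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            result["malformed"].append(lineno)
            continue
        for name in names:
            if not HOSTNAME_RE.match(name):
                if lineno not in result["malformed"]:
                    result["malformed"].append(lineno)
                continue
            if name.lower() == "localhost":
                # The loopback entry itself is expected and not a blocked domain.
                continue
            if addr != sink:
                result["wrong_sink"].append((lineno, name))
                continue
            key = name.lower()
            if key in seen:
                result["duplicates"].append((lineno, name))
                continue
            seen.add(key)
            result["domains"] += 1
    return result


if __name__ == "__main__":
    report = check_blackhole_hosts(SAMPLE_HOSTS)
    print(f"{report['domains']} domains sunk to loopback")
    for lineno, name in report["wrong_sink"]:
        print(f"line {lineno}: {name} does not resolve to 127.0.0.1")
    for lineno, name in report["duplicates"]:
        print(f"line {lineno}: duplicate entry for {name}")
    for lineno in report["malformed"]:
        print(f"line {lineno}: malformed")
    if not report["ends_with_newline"]:
        print("file does not end with a blank line")
```

To run it against the real download, read the file into a string and pass it to `check_blackhole_hosts`; a non-empty `wrong_sink` list is the case the post warns about, since entries that do not resolve to loopback defeat the black hole on a list this large.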
- James McQuaid