Posts
With the IP addresses of the ASProx fast flux botnet changing between infected residential computers nearly daily, the only effective methods of blocking it are through the use of a DNS black hole or with Snort Inline.
Gary Warner provides an excellent write up on the botnet at his blog at: http://garwarner.blogspot.com/2009/10/cyber-security-awareness-month-day-one.html
Today, I updated the DNS Super Blackhole at emergingthreats.net. You can download the DNS Super Black Hole files for Smoothwall at Emerging Threats from: http://doc.emergingthreats.net/bin/view/Main/HoneywallSamples)
* config-hosts (http://doc.emergingthreats.net/pub/Main/HoneywallSamples/config-hosts): 275,937 organized crime, RBN affiliates, malware hosts and bad actors blacklisted for Smoothwall 3. Leave last line blank. Place in /var/smoothwall/hosts/, then rename config-hosts to config. Updated 10-11-2009: added 9,116 cybercrime and malware domains identified since 6-20-2009.
* hosts (http://doc.emergingthreats.net/pub/Main/HoneywallSamples/hosts): Protect your home from 275,937 bad domains for Smoothwall 3; placed in /var/smoothwall/hosts/. Note: with this many objects in BlackHole, you must use local loopback (blacklisted domains must resolve to 127.0.0.1). Updated 10-11-2009. If you believe that your domain should not be listed, please let us know and we will review it for delisting.
- James McQuaid
skip to main |
skip to sidebar
Use Smoothwall, Suricata, Snort Inline, the Emerging Threats rules, blackhole DNS and IP blocking to secure your home network
from the Russian Business Network and other criminal organizations.
About Me
Web-based Research Tools
- Anonymous Whois
- Anti-Malvertising Research Engine
- Arbor Networks Atlas Dashboard
- BFK Passive DNS Replication
- CIDR Report
- CleanMX Realtime
- Diagnosis Tools
- DNS Digger
- DNS Lookup
- DNS-BH Malware Domain Blocklist
- Domain Tools Whois
- Emerging Threats
- Find Parasites
- Google Safe Browsing Diagnostic
- gWebTools Whois
- hpHosts
- IP6 Conversion
- IPVoid
- Malc0de Database
- Malware Domain List
- Malware URL
- McAfee Site Advisor
- McAfee Trusted Source
- Microsoft Malware Protection Center
- Name Server Spy
- NetCraft Site Report
- Netirk Site Status
- Norton Safe Web
- PDF Void
- Project HoneyPot
- Robtex Swiss Army Knife
- ShadowServer
- Site Check
- Snort Config Samples
- SpamHaus
- SRI Honeynet
- SRI Malware Threat Center
- Symantec Threat Explorer
- Threat Log Honeypot Database
- Unshorten URLs
- URLVoid
- Virus Total
- vURL
- Wepawet
- WhatMask
- Where Is
Security Blogs
- Arbor Sert
- Avira Threat Explorer
- Cyber-TA Malware Analysis
- Dancho Danchev
- Digital Intelligence and Strategic Operations Group
- FireEye
- Gary Warner's CyberCrime & Doing Time
- Host Exploit
- Jart Armin's RBN Exploit
- Knujon
- Krebs On Security
- McAfee Avert Labs Blog
- Russian Business Network
- SANS Internet Storm Center
- Securiteam
- Silent Noise
- Stopbadware: RBN (Russian Business Network)
- Sudosecure
- Sunbelt Blog
- Symantec Threat Explorer
- Team Cymru
- Victor Julien's Inliniac
- Will Metcalf's Blog
- Zero Day
Free Security Software
- Avira Antivirus
- Bot Hunter
- ClamWin Antivirus
- Comodo Firewall
- Emerging Threats (bleeding snort signatures)
- Honeywall (snort inline iso)
- Malzilla
- McAfee Site Advisor
- Microsoft Security Essentials
- Secunia Personal Software Inspector
- Smoothwall Express 3.0 (bootable iso)
- Snort.org (snort signatures)
- Suricata Intrusion Prevention
- Web Of Trust