Thursday, June 19, 2008

blackhole dns

a friend and i got the inspiration to implement blackhole dns over a year back... iirc the linkage was snort hosted, but i can't find it.... basically we set up a bhdns check for all outbound web traffic to reduce malware issues.

i am quite surprised this type of thing isn't more popular... yea yea, it is blacklisting and we know that isn't totally effective, but we also know that academic ivory tower BS won't get you very far w/ the common constraints of corp america, budgets, etc etc etc. so are you better off blacklisting some sites which are known very hostile or trying to whitelist known-good stuff and then moving to a default permit posture...

anywho, i see this as one component of defense in depth, and well worth having in a lot of environments...
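A sketch of the blackhole check described above, as an added example that is not part of the original post. The list entries, the loopback sinkhole address, and the choice of dnsmasq as the resolver are assumptions; the post does not say which DNS server or list format was used.

```python
# Added illustration; list entries and the sinkhole address are constructed.
SINKHOLE_IP = "127.0.0.1"  # assumption: answer blackholed names with loopback

SAMPLE_LIST = """\
# constructed sample blocklist, one domain per line
malware-host.example
Bad-Ads.example.     # trailing dot and mixed case get normalized
"""

def normalize(name):
    """Lowercase a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def load_blocklist(text):
    """Parse one-domain-per-line text, ignoring blanks and # comments."""
    domains = set()
    for line in text.splitlines():
        entry = normalize(line.split("#", 1)[0])
        if entry:
            domains.add(entry)
    return domains

def blackholed_by(qname, blocklist):
    """Return the listed domain that covers qname, or None.

    Matching walks up label by label, so a listed domain also covers its
    subdomains, while 'notmalware-host.example' is not caught the way a
    plain string-suffix comparison would catch it.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None

def dnsmasq_lines(blocklist):
    """Render the list as dnsmasq address= directives (these cover subdomains)."""
    return [f"address=/{d}/{SINKHOLE_IP}" for d in sorted(blocklist)]

if __name__ == "__main__":
    bl = load_blocklist(SAMPLE_LIST)
    for q in ("cdn.malware-host.example", "notmalware-host.example", "BAD-ADS.example"):
        print(q, "->", blackholed_by(q, bl) or "resolve normally")
    print("\n".join(dnsmasq_lines(bl)))
```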

1 comment:

Jens "jdm" Meyer said...

The lists were originally hosted at bleedingsnort, now bleedingthreats, (approximately here) but it looks like the project has moved to malwaredomains.com

I wonder if that project is still in place. If so, it needs some modification per the moved file locations.