
List:       pdns-users
Subject:    [Pdns-users] pdns as malware interceptor
From:       Hugo van der Kooij <hvdkooij () vanderkooij ! org>
Date:       2010-02-10 23:00:32
Message-ID: 4B733A90.7050605 () vanderkooij ! org

Has anyone tested using pdns as a malware interceptor?

There are large lists of known malware domains. But has someone actually
tested a combined forwarder + authoritative server?

The concept is that the server is authoritative for malware domains and
will direct you to a honeypot machine (preferably single box with pdns,
honeypot, ....). For all other domains it should be a forwarding DNS.

Given the large number of malware domains available today on CERT
websites the server will be authoritative for perhaps as many as 10^6 or
more domains.

I think it should not be too big a hassle to build a box for this
purpose to catch stray malware on a campus or something like that.

Hugo.

-- 
hvdkooij@vanderkooij.org               http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc

	A: Yes.
	>Q: Are you sure?
	>>A: Because it reverses the logical flow of conversation.
	>>>Q: Why is top posting frowned upon?

Bored? Click on http://spamornot.org/ and rate those images.
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
http://mailman.powerdns.com/mailman/listinfo/pdns-users
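
The split described in the message above (authoritative answers for listed malware domains, forwarding for everything else), sketched as an added example that is not part of the original post or of PowerDNS. The feed contents, the honeypot address `192.0.2.10`, the file name `sinkhole.zone`, and the choice of BIND-style zone stanzas as output are all assumptions made for illustration.

```python
HONEYPOT_IP = "192.0.2.10"   # assumption: placeholder honeypot address (TEST-NET-1)
ZONE_FILE = "sinkhole.zone"  # assumption: one zone file shared by every listed domain

# Constructed feed; real lists carry comments, mixed case, duplicates and junk.
FEED = """\
# constructed sample
Bad-Domain.example
bad-domain.example.
cdn.bad-domain.example
dropper.test
com
not a domain
"""

def normalize(line):
    """Return a lower-case domain without trailing dot, or None if unusable."""
    name = line.split("#", 1)[0].strip().lower().rstrip(".")
    labels = name.split(".")
    # Require two or more labels so a feed error can never sinkhole a whole TLD.
    ok = name.isascii() and len(labels) >= 2 and all(
        len(l) <= 63 and l.replace("-", "").isalnum() for l in labels)
    return name if ok else None

def suffixes(name):
    """'a.b.c' -> ['a.b.c', 'b.c', 'c'], so matching respects label boundaries."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def load_zones(feed):
    names = {n for n in map(normalize, feed.splitlines()) if n}
    # Drop names below an already listed parent; its wildcard record covers them.
    return {n for n in names if not any(p in names for p in suffixes(n)[1:])}

def route(qname, zones):
    """'sinkhole' if the authoritative side answers, else 'forward'.
    Cost is one set lookup per label, independent of how many zones are loaded."""
    q = qname.lower().rstrip(".")
    return "sinkhole" if any(s in zones for s in suffixes(q)) else "forward"

def named_conf(zones):
    return "\n".join(f'zone "{z}" {{ type master; file "{ZONE_FILE}"; }};'
                     for z in sorted(zones))

def zone_file():
    # Relative names (@ and *) let the same file serve every zone that references it.
    return ("$TTL 300\n@ IN SOA ns.invalid. hostmaster.invalid. 1 3600 600 86400 300\n"
            f"@ IN NS ns.invalid.\n@ IN A {HONEYPOT_IP}\n* IN A {HONEYPOT_IP}\n")
```

Because every zone points at the same relative-name file, the per-domain cost is one stanza in the configuration, which is the part that has to scale to the 10^6 domains mentioned in the message.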