Filter malicious servers by IP address

Follow

NCNETSEC

March 08, 2014 17:03

Filtering by categories and known malicious host names is great, so why not add the ability to analyze the IP address returned by a DNS query and block the result from getting back to the OpenDNS customer if that IP is listed in malware blacklists.

Example: A dns lookup for staggline.com (bad site itself) returns 66.96.147.117 which is a known C&C server in addition to hosting about 300 other websites of which a substantial percentage are phishing and near name domains.  Basically not much good is coming out of that IP or the ASN for that hosting company.  I would like to have OpenDNS make the call to block the IP result for these hosts which are basically on the seedy side of the internet.

7

• 

  rotblitz March 08, 2014 18:03

  Great idea, you got my vote.  But I believe this enhanced malware protection is with the Enterprise versions only.

  0

  Comment actions Permalink
• 

  jeffcook2 April 16, 2014 23:59

  This is a great idea.  I also think they have been doing this for years.

  0

  Comment actions Permalink

Please sign in to leave a comment.