Filter malicious servers by IP address
Filtering by categories and known malicious host names is great, so why not add the ability to analyze the IP address returned by a DNS query and block the result from getting back to the OpenDNS customer if that IP is listed in malware blacklists?
Example: A DNS lookup for staggline.com (bad site itself) returns 66.96.147.117, which is a known C&C server in addition to hosting about 300 other websites, of which a substantial percentage are phishing and near-name domains. Basically not much good is coming out of that IP or the ASN for that hosting company. I would like to have OpenDNS make the call to block the IP result for these hosts, which are basically on the seedy side of the internet.
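A sketch of the response-IP check requested above, as an added example that is not part of the original post and not OpenDNS code. The function names, the tuple format for answers, and every blocklist entry other than the address quoted in the post are assumptions made for illustration.

```python
import ipaddress

# Blocklist entries: the first is the address named in the post; the CIDR
# ranges are constructed samples taken from documentation address blocks.
BLOCKLIST = [ipaddress.ip_network(n) for n in (
    "66.96.147.117/32",
    "198.51.100.0/24",
    "2001:db8:bad::/48",
)]


def normalize(addr):
    """Parse an address and unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def is_blocked(addr):
    """True if the address falls inside any blocklisted network."""
    ip = normalize(addr)
    return any(ip.version == net.version and ip in net for net in BLOCKLIST)


def filter_response(qname, answers):
    """Decide whether an upstream reply may be returned to the client.

    answers is a list of (rrtype, rdata) tuples (hypothetical format).
    Returns (verdict, answers_to_return, matched_addresses). If any A or
    AAAA record points at a listed address the whole reply is withheld, so
    the client cannot fall back to another record for the same name.
    """
    hits = [rdata for rrtype, rdata in answers
            if rrtype in ("A", "AAAA") and is_blocked(rdata)]
    if hits:
        return ("BLOCK", [], hits)
    return ("PASS", answers, [])


if __name__ == "__main__":
    # Constructed sample replies; only the first pair comes from the post.
    print(filter_response("staggline.com", [("A", "66.96.147.117")]))
    print(filter_response("example.test", [("CNAME", "host.example.test"),
                                           ("A", "192.0.2.10")]))
```

Matching on the resolved address rather than the queried name is what lets a single blocklist entry cover every host name that shares the listed IP.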