On 25/10/2011 10:03, babu dheen wrote: > We are seeing huge number of malware request going to malware domains > performed by some malware infected clients. > > All malware infected clients are trying to reach below URL . We would like > to know how we can block if any dns query come to > *****.-0-0-0-0-0-0-0-0-0-0.info domain, should be redirected to 127.0.01. > > Sample malware domains > > > 2-4-z-g-0-9-4-3-4-8-p-5-r-i-f-3-0-b-3-y-5-a-8-e-0-y-z-s-0-7-q-.0-0-0-0-0-0-0-0-0-0-0-0-0-21-0-0-0-0-0-0-0-0-0-0-0-0-0.info > > u-r-k-w-5-b-s-7-m-2-p-s-n-j-2-7-3-3-1-q-2-0-i-5-g-9-1-i-0-p-7-.0-0-0-0-0-0-0-0-0-0-0-0-0-41-0-0-0-0-0-0-0-0-0-0-0-0-0.info > > 9-9-e-d-p-b-2-e-r-c-7-1-3-p-v-5-0-b-3-1-1-n-3-h-4-9-i-6-1-r-7-.0-0-0-0-0-0-0-0-0-0-0-0-0-6-0-0-0-0-0-0-0-0-0-0-0-0-0.info
This is exactly what RPZ was designed for: http://www.isc.org/files/TakingBackTheDNSrpz2.pdf Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
