Re: [ASK] Block Malware Generate Random Subdomain, Domain and TLD

2018-01-19 Thread Syaifudin JW
As I know, RPZ is useful for random subdomains, so we can respond to it locally. But if the request has a random subdomain, random domain and random TLD, it's impossible to use RPZ. The DNS server will check with the root server. For now I still use iptables with regex to block that request so request not to dns but drop

Re: [ASK] Block Malware Generate Random Subdomain, Domain and TLD

2018-01-19 Thread Josh Kuo
You might want to check out the free service offered by Quad Nine (9.9.9.9), they use RPZ in the backend to filter out known malicious domain names. I do not know if they can filter out malware-related names.

On Sat, Jan 20, 2018 at 7:02 AM Syaifudin wrote:
> Hi Daniel
>
> thank you very much fo

Re: [ASK] Block Malware Generate Random Subdomain, Domain and TLD

2018-01-19 Thread Syaifudin
Hi Daniel, thank you very much for your answer. I want to ask much more but my English is not good, so once again thank you very much.

Re: [ASK] Block Malware Generate Random Subdomain, Domain and TLD

2018-01-18 Thread Tony Finch
Grant Taylor via bind-users wrote:
> Did you see or hear any talks about RPS in addition to RPZ?

I'm afraid not - I guess it's still too new.

Tony.

Re: [ASK] Block Malware Generate Random Subdomain, Domain and TLD

2018-01-17 Thread Daniel Stirnimann
> domains: if you know the algorithm, you can pre-generate the malicious
> domains and add them to your RPZ in advance.

RPZ by default will not stop the upstream query. You would have to use "qname-wait-recurse yes" in addition if stopping upstream queries is your goal. I believe this malware DGA

Re: [ASK] Block Malware Generate Random Subdomain, Domain and TLD

2018-01-17 Thread Grant Taylor via bind-users
On 01/17/2018 07:57 AM, Tony Finch wrote: I'm currently at UKNOF39 where we have just had a couple of talks about RPZ. One of the speakers talked about algorithmically generated malware domains: if you know the algorithm, you can pre-generate the malicious domains and add them to your RPZ in ad

Re: [ASK] Block Malware Generate Random Subdomain, Domain and TLD

2018-01-17 Thread Tony Finch
Syaifudin wrote:
> is there regex for bind config or something else to anticipation or block
> malware where generate random subdomain ( 2 or 3 character )+ random domain
> ( 7 character ) + random tld.

This is a job for RPZ. I'm currently at UKNOF39 where we have just had a couple of talks abo

[ASK] Block Malware Generate Random Subdomain, Domain and TLD

2018-01-17 Thread Syaifudin
Hi all, is there a regex for the BIND config, or something else, to anticipate or block malware that generates a random subdomain (2 or 3 characters) + random domain (7 characters) + random TLD? The BIND log is shown in the picture at this link: Malware Generate Random Subdomain, Domain and TLD