On 2016-06-15, Peter Fokker wrote:
> Ted Wynnychenko wrote:
> [...]
>> I block connections based on a list from malwaredomains.com.
>> A script runs nightly that downloads the list/changes, creates
>> zone files, and reloads unbound/nsd. The "blocked" zone files
>> point those domains at an inter
On 2016-06-14, Ted Wynnychenko wrote:
>>From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
> Stuart Henderson
>>Sent: Tuesday, June 14, 2016 12:31 PM
>>
>>On 2016-06-14, Ted Wynnychenko wrote:
>>> This really isn't a big deal; but as more sites have started using https,
>>
Tue, 14 Jun 2016 17:53:25 -0500 "Ted Wynnychenko"
> >How are you identifying connections to block?
>
> I block connections based on a list from malwaredomains.com. A script runs
> nightly that downloads the list/changes, creates zone files, and reloads
> unbound/nsd. The "blocked" zone files
Ted Wynnychenko wrote:
[...]
> I block connections based on a list from malwaredomains.com.
> A script runs nightly that downloads the list/changes, creates
> zone files, and reloads unbound/nsd. The "blocked" zone files
> point those domains at an internal (10.0.x.x) IP address.
[...]
> From my l
On Tue, Jun 14, 2016 at 8:05 AM, Ted Wynnychenko wrote:
> Hello
>
> For many years now I have been using a DNS black hole setup to stop http/https
> connections to blocked websites (well, any connection to those sites). This
> has
> worked well.
>
> Connections with http are routed to an IP on t
>From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Stuart Henderson
>Sent: Tuesday, June 14, 2016 12:31 PM
>
>On 2016-06-14, Ted Wynnychenko wrote:
>> This really isn't a big deal; but as more sites have started using https, and
as
>> tools such as relayd and squid (and oth
Ted Wynnychenko wrote:
Hello
For many years now I have been using a DNS black hole setup to stop http/https
connections to blocked websites (well, any connection to those sites). This has
worked well.
Connections with http are routed to an IP on the internal network which returns
a simple "blo
On 2016-06-14, Ted Wynnychenko wrote:
> This really isn't a big deal; but as more sites have started using https, and
> as
> tools such as relayd and squid (and others?) have developed ways to "inject"
> https certificates on the fly, I am wondering if there is a way to create
> https
> certific
Hello
For many years now I have been using a DNS black hole setup to stop http/https
connections to blocked websites (well, any connection to those sites). This has
worked well.
Connections with http are routed to an IP on the internal network which returns
a simple "blocked" web page.
Connecti
9 matches
Mail list logo
