On 09/02/15 09:51, Olivier Nicole wrote:
> Hi,
> I am looking at Malware Patrol, but they offer a list of over 300,000
> rules, that is way too big.
> So I was considering using it in a URIDNSBL type of way, but including
> the full URL, not only the host part. It should be able to accept things
> like foo.example.com:81/directory/foo?something
> Does that exist already?

That doesn't exist, publicly...
There are many reasons why running this isn't trivial either.
- tracking IDs/unique identifiers in URLs
- *can* cause massive scanning overhead
- depending on special cases, DNS spec limitations.
etc., etc.
What problem are you trying to solve which cannot be solved with "known"
methods?
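
The constraints listed in the reply, worked through as an added example that is not part of the original thread: a full URL encoded directly into a DNS query name runs into the 63-octet label and 253-character name limits, and tracking parameters make every URL unique unless they are stripped first. The zone `urlbl.example.org`, the tracking-parameter list and the hashed-lookup scheme are assumptions for illustration, not an existing service.

```python
import hashlib
import re
from urllib.parse import urlsplit

MAX_LABEL = 63   # RFC 1035: maximum octets in one DNS label
MAX_NAME = 253   # RFC 1035: 255 octets on the wire, 253 characters as text
ZONE = "urlbl.example.org"                    # hypothetical lookup zone
TRACKING_PARAMS = {"utm_source", "utm_medium", "utm_campaign", "sid"}  # assumed

def canonicalize(url):
    """Lower-case the host, keep port and path, drop tracking parameters."""
    if not re.match(r"^[a-z][a-z0-9+.-]*://", url, re.I):
        url = "http://" + url                 # bare host:port/path as in the mail
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.port:
        host += ":%d" % parts.port
    kept = sorted(p for p in parts.query.split("&")
                  if p and p.split("=", 1)[0].lower() not in TRACKING_PARAMS)
    canon = host + (parts.path or "/")
    return canon + ("?" + "&".join(kept) if kept else "")

def naive_name(url):
    """Hex-encode the URL (':', '/', '?' are not hostname characters) into
    63-octet labels. Returns None when the result exceeds the DNS name limit."""
    hexed = canonicalize(url).encode().hex()
    labels = [hexed[i:i + MAX_LABEL] for i in range(0, len(hexed), MAX_LABEL)]
    name = ".".join(labels + [ZONE])
    return name if len(name) <= MAX_NAME else None

def hashed_name(url):
    """Fixed-length query name. SHA-1 is only a lookup key here: its 40 hex
    characters fit one label, whereas a SHA-256 hex digest (64) would not."""
    digest = hashlib.sha1(canonicalize(url).encode()).hexdigest()
    return digest + "." + ZONE

if __name__ == "__main__":
    # Constructed sample inputs; the first is the URL shape from the question.
    for u in ("foo.example.com:81/directory/foo?something",
              "http://FOO.example.com:81/directory/foo?something&sid=abc123",
              "example.com/" + "a" * 200):
        print(canonicalize(u)[:50], naive_name(u) is not None, hashed_name(u))
```

A hashed lookup only matches exact canonical URLs, so a list built this way still misses any URL whose unique identifier sits in the path or in a parameter the canonicalizer does not know about.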