Avoid Phishing using DNS
Alexander Clouter
alex at digriz.org.uk
Thu Jan 15 04:42:44 EST 2009
* sysadmin <sysadmin at mrgnetwork.com.br> [Wed, 14 Jan 2009 17:56:00 -0200]:
>
> I wrote a little howto about avoiding phishing using MaraDNS:
>
> http://www.mrgnetwork.com.br/wiki/doku.php/en/maradns_phishing
>
> Hope that could be useful.
>
Bah, you beat me to it. I keep meaning to put together my documentation
on how I'm using MaraDNS with MalwareDomains[1] to automate building the
zone file, making sure it's safe, and adding a few extras.

To remove the issue of false positives (and users grumbling), I include
TXT fields in the zone file I create for each entry so that the page
they get redirected to also lists why it's blocked; also means I can use
a DNS query to see quickly why something is blacklisted.

The page they get redirected to is an Apache webserver with mod_proxy,
if the user accepts the 'risk', a cookie is set between the client and
the web server that tells mod_proxy to permit the request to go through
without being blocked; on a per session basis.

Since deployment I have heard not a single complaint and it is a
completely zero maintenance tool. If anyone is interested, I'll put
together a webpage with everything you need to put together your own.

Cheers

Alex

[1] http://malwaredomains.com/?p=288
--
Alexander Clouter
.sigmonster says: Illiterate? Write today, for free help!
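
The zone-building step described in the message above, sketched as an added example; it is not part of the original message and is not the poster's own tooling. It turns an untrusted blocklist feed into paired A and TXT records, rejecting any entry that could inject zone syntax. Assumptions: the feed is tab-separated "domain<TAB>reason", the records use MaraDNS csv2-style "name type data ~" syntax, and the sinkhole address and NEVER_BLOCK allowlist are hypothetical.

```python
import re

# Assumption: address of the warning web server (RFC 5737 documentation range).
SINKHOLE_IP = "192.0.2.10"
# One DNS label: letters, digits, hyphen; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")
# Hypothetical local allowlist: names the feed is never allowed to sinkhole.
NEVER_BLOCK = {"example.org"}

def valid_hostname(name):
    """Accept only plain multi-label hostnames, so feed data cannot inject zone syntax."""
    labels = name.split(".")
    return len(name) <= 253 and len(labels) >= 2 and all(LABEL.fullmatch(l) for l in labels)

def clean_reason(text):
    """Reduce the reason to characters that are safe inside a quoted TXT string."""
    return re.sub(r"[^A-Za-z0-9 ._:/-]", "_", text.strip())[:200] or "unspecified"

def build_zone(feed_lines):
    """Return (zone_lines, rejected) from tab-separated 'domain<TAB>reason' lines."""
    zone, rejected, seen = [], [], set()
    for raw in feed_lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        domain, _, reason = line.partition("\t")
        domain = domain.strip().lower().rstrip(".")
        if not valid_hostname(domain) or domain in NEVER_BLOCK:
            rejected.append(raw)  # keep for review instead of silently dropping
            continue
        if domain in seen:
            continue
        seen.add(domain)
        zone.append(f"{domain}. A {SINKHOLE_IP} ~")
        zone.append(f"{domain}. TXT '{clean_reason(reason)}' ~")
    return zone, rejected

# Constructed sample feed, not real MalwareDomains data.
SAMPLE_FEED = [
    "# domain\treason",
    "bad-site.example\tphishing: fake bank login",
    "evil.example' ~ www.example.org. A 203.0.113.9\tinjected",
    "example.org\tfalse positive in feed",
    "BAD-SITE.example.\tduplicate entry",
]

zone, rejected = build_zone(SAMPLE_FEED)
print("\n".join(zone))
print(f"# rejected {len(rejected)} feed line(s)")
```

The TXT record carries the block reason alongside the A record, so a TXT query for a listed name shows why it is blacklisted.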