On Friday 24 June 2005 08:36, Carl Holtje ;021;vcsg6; wrote:
> > > - Black lists for inbound & outbound traffic
> >
> > We don't do much of this. We *do* use DNS poisoning for certain
> > known "ratware"/virus domains such as gator.com.
>
> Sorry to jump in half-way through, but how do you do this?
>
> I'm looking for a solution better than editing /etc/hosts that I can
> apply to a small network..
BIND 9, transparent DNS proxying for clients to force them into our
local nameserver, where we have a simple null zone file which is loaded
as master for each blocked domain. It points a wildcard "A" at an
internal IP.
Among other things, that internal machine runs a Web server. When we
first started doing this, its apache logs were inundated with 404's as
the now-stranded spyware attempted to phone home.
--
mail to this address is discarded unless "/dev/rob0"
or "not-spam" is in Subject: header
