[Pdns-users] pdns as malware interceptor
Hugo van der Kooij
hvdkooij at vanderkooij.org
Wed Feb 10 23:00:32 UTC 2010
Has anyone tested using pdns as a malware interceptor?

There are large lists of known malware domains. But has someone actually
tested a combined forwarder + authoritative server?

The concept is that the server is authoritative for malware domains and
will direct you to a honeypot machine (preferably single box with pdns,
honeypot, ....). For all other domains it should be a forwarding DNS.

Given the large amount of malware domains available today on CERT
websites the server will be authoritative for perhaps as many as 10^6 or
more domains.

I think it should not be too big a hassle to build a box for this
purpose to catch stray malware on a campus or something like that.
Hugo.
--
hvdkooij at vanderkooij.org http://hugo.vanderkooij.org/
PGP/GPG? Use: http://hugo.vanderkooij.org/0x58F19981.asc
A: Yes.
>Q: Are you sure?
>>A: Because it reverses the logical flow of conversation.
>>>Q: Why is top posting frowned upon?
Bored? Click on http://spamornot.org/ and rate those images.
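
An added illustration of the setup asked about above (not part of the original post, and not PowerDNS project code): it turns a malware-domain list into zone stanzas for the PowerDNS BIND backend, all sharing one zone file that answers with the honeypot address. The honeypot IP, the file path, the sample list and the function names are assumptions; forwarding of all other domains is not covered here.

```python
import re

SINKHOLE_IP = "192.0.2.10"                 # assumed honeypot address (documentation range)
ZONE_FILE = "/etc/powerdns/sinkhole.zone"  # assumed path of the shared zone file
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

# Constructed sample list: comments, duplicates, mixed case, junk lines.
SAMPLE = """# constructed sample blocklist
Evil.Example.
cdn.evil.example
bad-site.test
bad-site.test   # duplicate
not a domain
-bad.test
"""

def normalize(line):
    """Return a lowercase domain from one list line, or None if unusable."""
    name = line.split("#", 1)[0].strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return None
    # Strict label check also keeps quotes and braces out of named.conf.
    return name if all(LABEL.match(l) for l in labels) else None

def collapse(domains):
    """Drop names under an already listed parent; its wildcard covers them."""
    keep = set()
    for d in sorted(domains, key=lambda d: d.count(".")):
        labels = d.split(".")
        parents = (".".join(labels[i:]) for i in range(1, len(labels) - 1))
        if not any(p in keep for p in parents):
            keep.add(d)
    return sorted(keep)

def build(lines):
    """Return (zone file text, named.conf text) for the sinkholed domains."""
    names = collapse({n for n in map(normalize, lines) if n})
    zone = "\n".join([
        "$TTL 300",
        "@ IN SOA ns.sinkhole.invalid. hostmaster.sinkhole.invalid. 1 3600 600 86400 300",
        "@ IN NS ns.sinkhole.invalid.",
        f"@ IN A {SINKHOLE_IP}",   # the listed domain itself
        f"* IN A {SINKHOLE_IP}",   # every name below it
    ]) + "\n"
    conf = "".join(f'zone "{n}" {{ type master; file "{ZONE_FILE}"; }};\n' for n in names)
    return zone, conf

if __name__ == "__main__":
    zone_text, conf_text = build(SAMPLE.splitlines())
    print(conf_text, zone_text, sep="\n")
```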