|
Tweet Follow @spamhaus |
|
|||||
![]() Network hijacking - the low down A Domain-Specific Lesson from the Marriott Incident Exploits Block List - Two Botnets Contribute to 50% Increase in Listings How has GDPR affected Spam? Smoke Loader malware improves after Microsoft spoils its Campaign Fighting abuse at the edge Spamhaus Botnet Threat Report 2017 PandaZeuS’s Christmas Gift: Change in the Encryption scheme Older News Articles: ![]() ![]() |
All too frequently electronic security breaches result from some form of social engineering trick which entices a user to visit a harmful website by providing a clickable link (URL) with a specially-registered domain which ultimately leads to the user being defrauded or their machine being infected with malware. Once infected, criminals very quickly gain complete control of that user's computer: if that user is on a corporate network, the criminal would immediately gain all that user's privileged access within the company's network. This can result in the theft of confidential corporate data, in many cases financial losses and the possibility of lurid headlines in the press. While security professionals can and do block access to domains that are known to cause harm, this has so far only been possible once the harm has been identified. And that's too late - the harm is already done. The criminals who use these techniques are now registering domains by the thousand in order to circumvent such blocks, "paying" for them with stolen credit cards and using each domain for a very small number of attacks. The Spamhaus DBL was launched in 2010 as a way to identify these domains very rapidly so that network administrators can block them in advance. But even so, there has so far been no way to provide this protection automatically. Now, Response Policy Zones (RPZs) allow DNS administrators selectively to block the DNS resolution of sites. The bad domains or hosts will then simply disappear from that network's view of the Internet - and the malware will no longer be able to reach that network. Spamhaus' Domain Block List (DBL) contains tens of thousands of domains known to be suspect. The DBL already is being updated with new threats every sixty seconds of every day. By making this list of bad domains available as an RPZ, Spamhaus and their technical collaborators (Deteque and ISC) are giving security administrators an additional tool which they can use to protect their network from the inadvertent actions of unsuspecting users. This data is updated very rapidly by broadcasting only changes to the list rather than the full list. This means that the frequent updates generally take less than a second to propagate, effectively mitigating threats in near real time. Spamhaus' DBL RPZ is now available for beta testing. A BIND server (version 9.8.0+) is needed to utilise this feature and at this time networks will need to contact Spamhaus <rpz-data@spamhaus.org> to register their BIND server to use this RPZ. For further information see: Update 2014-10-31: Full service offered Update 2018-02-01: Free service offered |
![]() ![]() ![]() ![]() ![]() ![]() |
![]() Permanent link to this news article: Spamhaus' DBL as a Response Policy Zone (RPZ) http://www.spamhaus.org/news/article/669/spamhaus-dbl-as-a-response-policy-zone-rpz ![]() |
![]() Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record. |
|