Solved

Good Security Mailing list, or Database

Posted on 2010-09-02
Last Modified: 2013-11-22
Hey everyone, I need some recommendations on a good security mailing list or a site I can check for banned IPs that are from known Command and Control servers.
Basically what I'd like to do is have my router blackhole all traffic from known C&C servers in case hosts on my network are infected (zombied), so that at least while they are at work they aren't communicating with them, AND I can track the connection attempts. I know C&C servers exist and are difficult to shut down, so in the meantime I'd like to do my part and block them.
To do that I need to get the IPs as quickly as possible.
Thanks for the tips in advance.
Question by:MALCOLMPIRNIEIT
6 Comments
 
LVL 6

Assisted Solution

by:Nuttycomputer
Nuttycomputer earned 150 total points
There is a list kept up to date here: http://mtc.sri.com/live_data/cc_servers/

It also lists the command for most firewalls so just copy and paste in.


Alternatively, if you're concerned about security I would recommend investing in a firewall such as a Juniper 5GTS or a proxy server. These can be set to deny traffic by default, so that you then have to explicitly allow it. They can also be set to log activity.
 

Author Comment

by:MALCOLMPIRNIEIT
Thanks Nutty,

We actually have a significant investment in our perimeter defenses (Checkpoint); this is for a large corporate network.

To others: I'll award the points to the best recommendations, or share them if I feel the suggestions are of equal value.
 
LVL 25

Accepted Solution

by:madunix
madunix earned 200 total points
http://urlblacklist.com/
This is a commercial managed URL blacklist service. The bulk of the entries are downloaded from various free sites. The managed part of the service provides:

    * A blacklist considerably larger than most unmaintained blacklists
    * Human verified user submissions
    * A maintained 'remove' list which avoids common accidentally listed sites such as msn.com
    * A maintained 'add' list which ensures common 'bad' sites are always included
    * All you need for your squidGuard and DansGuardian blacklists
 
LVL 61

Expert Comment

by:btan
Check out SquidGuard blacklists which also include the URLblacklist shared by madunix
@ http://www.squidguard.org/blacklists.html

Also see Spam Links in the link below. It has quite a rich list of references to cover what may be relevant. Do a quick search for terms such as "banned", "blacklist", "server", etc. to jump straight to them
@ http://spamlinks.net/filter-bl.htm

Actually, I see the Tor blacklist will be of interest as well, as attackers will anonymise their traffic through open proxies and even leverage fast-flux techniques. Below are some good references that may be useful for the network devices
@ http://www.emergingthreats.net/index.php/rules-mainmenu-38.html
@ http://www.malware.com.br/lists.shtml
@ https://www.dan.me.uk/dnsbl
@ http://www.opendns.com/solutions/overview/

There are also manual means to check URLs against robtex and Google safe surfing online; I believe it can be automated by crafting the HTTP requests to them
@ http://www.robtex.com/
@ http://it.toolbox.com/wiki/index.php/Google_Safe_Browsing_Diagnostic_Page
 
LVL 61

Assisted Solution

by:btan
btan earned 150 total points
Another article you may be interested in, using a Windows PowerShell script to check against blacklisted domains. Some lists are given there:

@ http://www.darknet.org.uk/2010/09/windows-powershell-dns-server-blackhole-tool-blacklist-domains/

You can obtain lists of FQDNs and domain names to blackhole for free. Some lists are only for malware, others might be just for pornography, but be aware that they are never 100% complete or accurate (you get what you pay for, so don't be surprised to find gaps and a small number of false positives).

Some of the more popular blackhole lists include (in no particular order):

www.MalwareDomains.com
www.Malware.com.br
www.MalwareDomainList.com
www.MalwareURL.com
www.SomeoneWhoCares.org
mtc.sri.com
www.MVPs.org
www.UrlBlacklist.com (not free)

From sites like the above you can download lists of FQDNs and simple domain names which can be fed into the PowerShell script for this article in order to create blackhole zones on Windows DNS servers. If you have DNS servers running BIND, perhaps on Linux or BSD, then the sites above will also help you import blackhole domains on those DNS servers too (scripts for blackholing on BIND are common).
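The steps the thread describes, as an added example (not code from the question, the darknet.org.uk article, or any of the sites listed): normalize a downloaded list, honour a maintained 'remove' list like the msn.com case madunix mentions, emit router null routes for the IPs and BIND response-policy-zone records for the domains, and match router log lines against the list to see which internal host is beaconing. The feed, the allowlist and the log lines are constructed, and the RPZ form is an assumption for the BIND side.

```python
import ipaddress
import re

# Constructed feed: comments, blanks, IPs and domains mixed, a duplicate,
# and one entry (msn.com) that a maintained 'remove' list must override.
FEED = """# sample C&C feed (constructed)
192.0.2.10   # botnet controller
198.51.100.7
198.51.100.7
badc2.example.net
msn.com
not an entry!
"""
ALLOW = {"msn.com"}  # maintained 'remove' list: never blackhole these
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,}$", re.I)

def parse_feed(text, allow=ALLOW):
    """Return (ips, domains): deduplicated, sorted, allowlist removed."""
    ips, domains = set(), set()
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip().lower()  # drop comments
        if not entry or entry in allow:
            continue
        try:
            ips.add(str(ipaddress.ip_address(entry)))
        except ValueError:
            if DOMAIN_RE.match(entry):  # anything else is ignored
                domains.add(entry)
    return sorted(ips), sorted(domains)

def null_routes(ips):
    """Linux null routes: the router drops outbound beacons to each C&C IP."""
    return [f"ip route add blackhole {ip}" for ip in ips]

def rpz_records(domains):
    """BIND response-policy-zone records that sink lookups of each domain."""
    return [f"{d} CNAME .\n*.{d} CNAME ." for d in domains]

# Constructed router log lines; which internal host tried to reach a C&C IP?
LOGS = """kernel: IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=198.51.100.7 PROTO=TCP DPT=443
kernel: IN=eth1 OUT=eth0 SRC=10.0.0.31 DST=93.184.216.34 PROTO=TCP DPT=80
"""
def infected_hosts(log_text, ips):
    """Map internal SRC hosts to the listed C&C addresses they contacted."""
    hits, listed = {}, set(ips)
    for line in log_text.splitlines():
        m = re.search(r"SRC=(\S+) DST=(\S+)", line)
        if m and m.group(2) in listed:
            hits.setdefault(m.group(1), set()).add(m.group(2))
    return hits
```

The remove list is applied before anything reaches the router or DNS config, so a feed that accidentally lists a legitimate site never turns into an outage.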
 

Author Closing Comment

by:MALCOLMPIRNIEIT
I was given various resources and responses. All provided a variety of the solutions I was looking for. However, there weren't any solutions that specifically list C&C server IPs.