Solved

Good Security Mailing list, or Database

Posted on 2010-09-02
442 Views
Last Modified: 2013-11-22
Hey everyone, I need some recommendations on a good security mailing list or a site I can check for banned IPs that belong to known Command and Control servers.
Basically what I'd like to do is have my router blackhole all traffic from known C&C servers in case hosts on my network are infected (zombie'd); that way, at least while they are at work, they aren't communicating with them, AND I can track the connection attempts. I know C&C servers exist and are difficult to shut down, so in the meantime I'd like to do my part and block them.
To do that I need to get the IPs as quickly as possible.
Thanks for the tips in advance.
0
Question by:MALCOLMPIRNIEIT
6 Comments
 
LVL 6

Assisted Solution

by:Nuttycomputer
Nuttycomputer earned 450 total points
ID: 33592463
There is a list kept up to date here: http://mtc.sri.com/live_data/cc_servers/

It also lists the command for most firewalls so just copy and paste in.


Alternatively, if you're concerned about security I would recommend investing in a firewall such as a Juniper 5GTS or a proxy server. These can be set to deny traffic by default, and then you have to explicitly allow it. They can also be set to log activity.
0
 

Author Comment

by:MALCOLMPIRNIEIT
ID: 33592482
Thanks Nutty,

We actually have a significant investment in our perimeter defenses (Checkpoint); this is for a large corporate network.

To others: I'll award the points to the best recommendations, or share them if I feel the suggestions are equal.
0
 
LVL 25

Accepted Solution

by:
madunix earned 600 total points
ID: 33600374
http://urlblacklist.com/
This is a commercial managed URL blacklist service. The bulk of the entries are downloaded from various free sites. The managed part of the service provides:

    * A blacklist considerably larger than most unmaintained blacklists
    * Human verified user submissions
    * A maintained 'remove' list which avoids common accidentally listed sites such as msn.com
    * A maintained 'add' list which ensures common 'bad' sites are always included
    * All you need for your squidGuard and DansGuardian blacklists
0

 
LVL 65

Expert Comment

by:btan
ID: 33605730
Check out SquidGuard blacklists which also include the URLblacklist shared by madunix
@ http://www.squidguard.org/blacklists.html

Also see Spam Links in the link below. It has quite a rich list of references covering what may be relevant. Do a quick search for terms such as "banned", "blacklist", "server", etc. to jump straight to them
@ http://spamlinks.net/filter-bl.htm

Actually, I see the Tor blacklist will be of interest as well, as attackers will anonymise their traffic through open proxies and even leverage fast-flux-type hosting. Below are some good references that may be useful for the network devices
@ http://www.emergingthreats.net/index.php/rules-mainmenu-38.html
@ http://www.malware.com.br/lists.shtml
@ https://www.dan.me.uk/dnsbl
@ http://www.opendns.com/solutions/overview/

There are also manual means to check URLs against robtex and Google Safe Browsing online; I believe it can be automated by crafting the HTTP requests to them
@ http://www.robtex.com/
@ http://it.toolbox.com/wiki/index.php/Google_Safe_Browsing_Diagnostic_Page
0
 
LVL 65

Assisted Solution

by:btan
btan earned 450 total points
ID: 33609316
Another article you may be interested in, using a Windows PowerShell script to check against domain blacklists. There are some listed

@ http://www.darknet.org.uk/2010/09/windows-powershell-dns-server-blackhole-tool-blacklist-domains/

You can obtain lists of FQDNs and domain names to blackhole for free. Some lists are only for malware, others might be just for pornography, but be aware that they are never 100% complete or accurate (you get what you pay for, so don't be surprised to find gaps and a small number of false positives).

Some of the more popular blackhole lists include (in no particular order):

www.MalwareDomains.com
www.Malware.com.br
www.MalwareDomainList.com
www.MalwareURL.com
www.SomeoneWhoCares.org
mtc.sri.com
www.MVPs.org
www.UrlBlacklist.com (not free)

From sites like the above you can download lists of FQDNs and simple domain names which can be fed into the PowerShell script for this article in order to create blackhole zones on Windows DNS servers. If you have DNS servers running BIND, perhaps on Linux or BSD, then the sites above will also help you import blackhole domains on those DNS servers too (scripts for blackholing on BIND are common).
0
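To turn a downloaded list like the ones above into both the router null routes the question asks for and the DNS blackhole records discussed in this answer, here is an added example (not from the original thread or from any of the linked sites). It assumes a plain-text feed with one entry per line, uses a constructed sample rather than a real feed, and keeps a local "remove" list and a never-block set so a false positive in the feed cannot null-route your own address space:

```python
import ipaddress
import re

# Constructed sample of a downloaded blocklist (not a real feed): one entry per
# line, with comments, junk and duplicates mixed in, as public lists often are.
SAMPLE_FEED = """\
# C&C feed snapshot (constructed sample)
198.51.100.23
203.0.113.77   ; seen 2010-09-01
c2.example.net
10.0.0.5
update.example.com
not an entry
198.51.100.23
"""

# Networks that must never be null-routed, whatever a feed says:
# RFC 1918, loopback, link-local, multicast and "this" network.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "224.0.0.0/4", "0.0.0.0/8")]

# Local 'remove' list (hypothetical entry), in the spirit of the maintained
# remove list mentioned above: legitimate names a feed might list by accident.
REMOVE_LIST = {"update.example.com"}

DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]{1,63}\.)+[a-z]{2,63}$")

def parse_feed(text, never_block=NEVER_BLOCK, remove_list=REMOVE_LIST):
    """Return (ips, domains) as sorted lists: junk and duplicates dropped,
    reserved/own space and allow-listed names filtered out."""
    ips, domains = set(), set()
    for raw in text.splitlines():
        entry = re.split(r"[#;]", raw, maxsplit=1)[0].strip().lower()
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            if DOMAIN_RE.match(entry) and entry not in remove_list:
                domains.add(entry)
            continue
        if not any(addr in net for net in never_block):
            ips.add(addr)
    return sorted(ips), sorted(domains)

def null_route_commands(ips):
    """Linux null routes for a router (log the dropped attempts separately)."""
    return [f"ip route add blackhole {ip}/32" for ip in ips]

def rpz_records(domains, sinkhole="127.0.0.1"):
    """BIND response-policy-zone records answering each domain (and its
    subdomains) with a sinkhole address, so infected hosts' lookups get logged."""
    return [rec for d in domains
            for rec in (f"{d} A {sinkhole}", f"*.{d} A {sinkhole}")]
```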
 

Author Closing Comment

by:MALCOLMPIRNIEIT
ID: 33618741
I was given various resources and responses. All provided a variety of the solutions I was looking for. However, there weren't any solutions that specifically list C&C server IPs.
0