Solved

Good Security Mailing list, or Database

Posted on 2010-09-02
6
433 Views
Last Modified: 2013-11-22
Hey everyone, I need some recommendations on a good security mailing list or a site I can check for banned IPs that are from known Command and Control servers.
Basically, what I'd like to do is have my router blackhole all traffic from known C&C servers in case hosts on my network are infected (zombie'd). That way, at least while they are at work, they aren't communicating with them, AND I can track the connection attempts. I know C&C exist and are difficult to shut down, so in the meantime I'd like to do my part and block them.
To do that I need to get the IPs as quickly as possible.
Thanks for the tips in advance.
Question by:MALCOLMPIRNIEIT
6 Comments
 
LVL 6

Assisted Solution

by:Nuttycomputer
Nuttycomputer earned 150 total points
ID: 33592463
There is a list kept up to date here: http://mtc.sri.com/live_data/cc_servers/

It also lists the command for most firewalls so just copy and paste in.


Alternatively, if you're concerned about security, I would recommend investing in a firewall such as a Juniper 5GTS or a proxy server. These can be set to deny traffic by default, and then you have to explicitly allow it. They can also be set to log activity.
0
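The tracking half of the plan in the question (block a published C&C IP list, then see which internal hosts still try to reach it) can be sketched as follows. This is an added example, not code from the thread or from any of the linked lists; the blocklist entries are constructed from documentation address ranges and the `src=`/`dst=` log layout is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed blocklist: one address or CIDR per line, '#' starts a comment.
BLOCKLIST_TEXT = """\
# constructed sample, not real C&C addresses
192.0.2.15
198.51.100.0/28
203.0.113.77   # trailing comment
not-an-ip
"""

# Constructed firewall log lines; the key=value layout is an assumption.
LOG_LINES = [
    "2010-09-02T09:14:02 DROP src=10.1.4.23 dst=192.0.2.15 dpt=6667",
    "2010-09-02T09:14:09 ACCEPT src=10.1.4.23 dst=192.0.2.200 dpt=80",
    "2010-09-02T09:15:40 DROP src=10.1.7.80 dst=203.0.113.77 dpt=443",
    "2010-09-02T09:16:11 DROP src=10.1.4.23 dst=198.51.100.9 dpt=8080",
    "2010-09-02T09:16:30 ACCEPT src=10.1.9.5 dst=198.51.100.16 dpt=80",
    "garbage line without fields",
]

def load_blocklist(text):
    """Return (networks, rejected); bad entries are reported, never guessed at."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)
    return networks, rejected

def blocked_attempts(lines, networks):
    """Map each source host to the listed destinations it tried to reach."""
    hits = defaultdict(set)
    for line in lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        try:
            dst = ipaddress.ip_address(fields["dst"])
        except (KeyError, ValueError):
            continue  # unparseable line: skip rather than misattribute
        if any(dst in net for net in networks):
            hits[fields.get("src", "unknown")].add(str(dst))
    return {src: sorted(dsts) for src, dsts in hits.items()}

if __name__ == "__main__":
    nets, bad = load_blocklist(BLOCKLIST_TEXT)
    print("rejected entries:", bad)
    for src, dsts in blocked_attempts(LOG_LINES, nets).items():
        print(src, "->", ", ".join(dsts))
```

Hosts that appear in the result are the ones to investigate as possibly infected, whether or not the firewall dropped the traffic.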
 

Author Comment

by:MALCOLMPIRNIEIT
ID: 33592482
Thanks Nutty,

We actually have a significant investment in our perimeter defenses (Checkpoint); this is for a large corporate network.

To others: I'll reward the points to the best recommendations, or share if I feel they are of equal suggestion.
0
 
LVL 25

Accepted Solution

by:madunix
madunix earned 200 total points
ID: 33600374
http://urlblacklist.com/
This is a commercial managed URL blacklist service. The bulk of the entries are downloaded from various free sites. The managed part of the service provides:

    * A blacklist considerably larger than most unmaintained blacklists
    * Human verified user submissions
    * A maintained 'remove' list which avoids common accidentally listed sites such as msn.com
    * A maintained 'add' list which ensures common 'bad' sites are always included
    * All you need for your squidGuard and DansGuardian blacklists
0
 
LVL 62

Expert Comment

by:btan
ID: 33605730
Check out SquidGuard blacklists which also include the URLblacklist shared by madunix
@ http://www.squidguard.org/blacklists.html

Also see Spam Links in the link below. It has quite a rich list of references to cover what may be relevant. Do a quick search for terms such as "banned", "blacklist", "server", etc. to jump straight to them
@ http://spamlinks.net/filter-bl.htm

Actually, I see the Tor blacklist will be of interest as well, as attackers will anonymise their traffic through open proxies and even leverage fast-flux types. Below are some good references that may be useful for the network devices
@ http://www.emergingthreats.net/index.php/rules-mainmenu-38.html
@ http://www.malware.com.br/lists.shtml
@ https://www.dan.me.uk/dnsbl
@ http://www.opendns.com/solutions/overview/

There are also manual means to check a URL against Robtex and Google Safe Browsing online - I believe it can be automated by crafting the HTTP requests to them
@ http://www.robtex.com/
@ http://it.toolbox.com/wiki/index.php/Google_Safe_Browsing_Diagnostic_Page
0
 
LVL 62

Assisted Solution

by:btan
btan earned 150 total points
ID: 33609316
Another article that you may be interested in, using a Windows PowerShell script to check against blacklisted domains. There are some listed

@ http://www.darknet.org.uk/2010/09/windows-powershell-dns-server-blackhole-tool-blacklist-domains/

You can obtain lists of FQDNs and domain names to blackhole for free. Some lists are only for malware, others might be just for pornography, but be aware that they are never 100% complete or accurate (you get what you pay for, so don’t be surprised to find gaps and a small number of false positives).

Some of the more popular blackhole lists include (in no particular order):

www.MalwareDomains.com
www.Malware.com.br
www.MalwareDomainList.com
www.MalwareURL.com
www.SomeoneWhoCares.org
mtc.sri.com
www.MVPs.org
www.UrlBlacklist.com (not free)

From sites like the above you can download lists of FQDNs and simple domain names which can be fed into the PowerShell script for this article in order to create blackhole zones on Windows DNS servers. If you have DNS servers running BIND, perhaps on Linux or BSD, then the sites above will also help you import blackhole domains on those DNS servers too (scripts for blackholing on BIND are common).
0
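The BIND import step mentioned in the answer above can look like this. It is an added example, not the PowerShell script from the linked article or code from any of the listed sites. The sample list, the allowlist and the zone file path are constructed, and the shared zone file is assumed to already exist with a wildcard record that answers every name under a zone with a sinkhole address.

```python
import re

# Constructed sample mixing hosts-file lines and bare domain names.
LIST_TEXT = """\
# constructed sample list
127.0.0.1  localhost
127.0.0.1  bad-domain.example
0.0.0.0    tracker.bad-domain.example
MALWARE.example.net
msn.com
under_score.example
bad-domain.example
"""
ALLOWLIST = {"msn.com"}                  # local 'remove' list for false positives
ZONE_FILE = "/etc/bind/blackhole.zone"   # assumed path to the shared zone file

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def parse_domains(text):
    """Return (valid_domains, rejected); the last field of a line is the name."""
    domains, rejected = set(), []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        name = fields[-1].lower().rstrip(".")
        labels = name.split(".")
        ok = (len(labels) >= 2 and len(name) <= 253
              and not labels[-1].isdigit()           # a bare IP is not a domain
              and all(LABEL.match(l) for l in labels))
        if ok:
            domains.add(name)
        else:
            rejected.append(name)
    return domains, rejected

def prune(domains, allowlist):
    """Drop allowlisted names and names already covered by a blocked parent."""
    blocked = domains - allowlist
    kept = []
    for name in blocked:
        labels = name.split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if not parents & blocked:
            kept.append(name)
    return sorted(kept)

def bind_zones(names, zone_file=ZONE_FILE):
    """Render one named.conf zone statement per blackholed domain."""
    return "\n".join(
        f'zone "{n}" {{ type master; file "{zone_file}"; }};' for n in names)

if __name__ == "__main__":
    found, bad = parse_domains(LIST_TEXT)
    print("rejected:", bad)
    print(bind_zones(prune(found, ALLOWLIST)))
```

Review the rejected names and the allowlist before loading the output, since the answer above notes the source lists carry gaps and false positives.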
 

Author Closing Comment

by:MALCOLMPIRNIEIT
ID: 33618741
I was given various resources and responses. All provided a variety of the solution I was looking for. However, there weren't any solutions that specifically list C&C Server IPs.
0

Question has a verified solution.