Good Security Mailing list, or Database

Hey everyone, I need some recommendations on a good security mailing list or a site I can check for banned IPs that are from known Command and Control servers.
Basically what I'd like to do is have my router blackhole all traffic from known C&C servers in case hosts on my network are infected (zombie'd). That way, at least while they are at work, they aren't communicating with them, AND I can track the connection attempts. I know C&C servers exist and are difficult to shut down, so in the meantime I'd like to do my part and block them.
To do that I need to get the IPs as quickly as possible.
Thanks for the Tips in advance.
MALCOLMPIRNIEIT Asked:
 
Fadi SODAH (aka madunix), Chief Information Security Officer, CISA, CISSP, CFR, ICATE, MCSE, CCNA, CCNP, CCIP, SCSC and SCE, Commented:
http://urlblacklist.com/
This is a commercial managed URL blacklist service. The bulk of the entries are downloaded from various free sites. The managed part of the service provides:

    * A blacklist considerably larger than most unmaintained blacklists
    * Human verified user submissions
    * A maintained 'remove' list which avoids common accidentally listed sites such as msn.com
    * A maintained 'add' list which ensures common 'bad' sites are always included
    * All you need for your squidGuard and DansGuardian blacklists
0
 
Nuttycomputer Commented:
There is a list kept up to date here: http://mtc.sri.com/live_data/cc_servers/

It also lists the command for most firewalls so just copy and paste in.


Alternatively, if you're concerned about security I would recommend investing in a firewall such as a Juniper 5GTS or a Proxy Server. These can be set to deny traffic by default and then you have to explicitly allow it. They also can be set to log activity.
0
 
MALCOLMPIRNIEIT (Author) Commented:
Thanks Nutty,

We actually have a significant investment in our perimeter defenses (Checkpoint); this is for a large corporate network.

To others: I'll award the points to the best recommendations, or share them if I feel they are equally good suggestions.
0
 
btan, Exec Consultant, Commented:
Check out SquidGuard blacklists which also include the URLblacklist shared by madunix
@ http://www.squidguard.org/blacklists.html

Also see Spam Links in the link below. It has quite a rich list of references covering what may be relevant. Do a quick search for terms such as "banned", "blacklist", "server", etc. to jump straight to them
@ http://spamlinks.net/filter-bl.htm

Actually, I see the Tor blacklist will be of interest as well, as attackers will anonymise their traffic through open proxies and even leverage the fast flux type. Below are some good references that may be useful for the network devices
@ http://www.emergingthreats.net/index.php/rules-mainmenu-38.html
@ http://www.malware.com.br/lists.shtml
@ https://www.dan.me.uk/dnsbl
@ http://www.opendns.com/solutions/overview/

There are also manual means to check a URL against Robtex and Google safe surfing online. I believe it can be automated by crafting the HTTP requests to them
@ http://www.robtex.com/
@ http://it.toolbox.com/wiki/index.php/Google_Safe_Browsing_Diagnostic_Page
0
 
btan, Exec Consultant, Commented:
Another article that you may be interested in, using a Windows PowerShell script to check against blacklisted domains. There are some listed

@ http://www.darknet.org.uk/2010/09/windows-powershell-dns-server-blackhole-tool-blacklist-domains/

You can obtain lists of FQDNs and domain names to blackhole for free. Some lists are only for malware, others might be just for pornography, but be aware that they are never 100% complete or accurate (you get what you pay for, so don’t be surprised to find gaps and a small number of false positives).

Some of the more popular blackhole lists include (in no particular order):

www.MalwareDomains.com
www.Malware.com.br
www.MalwareDomainList.com
www.MalwareURL.com
www.SomeoneWhoCares.org
mtc.sri.com
www.MVPs.org
www.UrlBlacklist.com (not free)

From sites like the above you can download lists of FQDNs and simple domain names which can be fed into the PowerShell script for this article in order to create blackhole zones on Windows DNS servers. If you have DNS servers running BIND, perhaps on Linux or BSD, then the sites above will also help you import blackhole domains on those DNS servers too (scripts for blackholing on BIND are common).
0
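The list-to-blackhole-zone step described in the post above, sketched as an added example (not part of the original thread and not the linked PowerShell script): it normalises a downloaded domain list, drops anything covered by a local allow list, and emits BIND zone statements. The feed contents, the allow list, and the zone file path are constructed assumptions.

```python
import re

# Constructed sample feed mixing the formats such lists use: hosts-file lines,
# bare domains, comments and junk. All names are made up, not real indicators.
SAMPLE_FEED = """\
# constructed sample
127.0.0.1  bad-c2.example
0.0.0.0    cdn.bad-c2.example   # inline comment
Tracker.Malware.TEST
msn.com
update.msn.com
localhost
not a domain!!
bad-c2.example
"""

ALLOW = {"msn.com"}  # assumed local 'remove' list: never blackhole these
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def is_fqdn(name):
    labels = name.split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and not labels[-1].isdigit()          # rejects bare IPv4 addresses
            and all(LABEL.match(l) for l in labels))

def parents(name):
    """Return name and its parent domains (TLD excluded): a.b.c -> [a.b.c, b.c]."""
    parts = name.split(".")
    return [".".join(parts[i:]) for i in range(len(parts) - 1)]

def parse_feed(text, allow=ALLOW):
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        # hosts-file lines carry the domain in the second (last) column
        name = fields[-1].lower().rstrip(".") if len(fields) <= 2 else ""
        if is_fqdn(name) and not any(p in allow for p in parents(name)):
            names.add(name)
    # A zone for bad-c2.example already answers for cdn.bad-c2.example.
    return sorted(n for n in names if not any(p in names for p in parents(n)[1:]))

def bind_zones(names, zone_file="/etc/bind/blackhole.zone"):
    """zone_file: assumed path to one shared zone file that returns a sinkhole address."""
    return [f'zone "{n}" {{ type master; file "{zone_file}"; }};' for n in names]

if __name__ == "__main__":
    print("\n".join(bind_zones(parse_feed(SAMPLE_FEED))))
```

Pointing the shared zone file at an internal sinkhole address, with query logging enabled on the DNS server, gives the record of lookup attempts by internal hosts that the original question asks for.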
 
MALCOLMPIRNIEITAuthor Commented:
I was given various resources and responses. All provided a variety of the solution I was looking for. However, there weren't any solutions that specifically list C&C Server IPs.
0
Question has a verified solution.
