[geeks] filtering out web base trojan?
Lionel Peterson
lionel4287 at verizon.net
Mon Mar 17 06:40:55 CDT 2008
>From: "Sheldon T. Hall" <shel at artell.net>
>Date: 2008/03/16 Sun PM 12:31:22 CDT
>To: 'The Geeks List' <geeks at sunhelp.org>
>Subject: Re: [geeks] filtering out web base trojan?
> The Kama Sutra of Sridhar Ayengar reads thusly ...
>> Sheldon T. Hall wrote:
>> >
>> > I really miss running my own DNS server; it was easy to
>> > block a large
>> > percentage of advertising sites outright, by getting the
>> > list from YoYo
>> > (http://pgl.yoyo.org/adservers) and letting DNS point those
>> > host names to
>> > localhost. I added a list of known malware sites and other
>> > bad actors, too,
>> > of course. It wasn't foolproof, and it did require
>> > maintenance, but I really liked the results.
>>
>> You can do the same thing with hosts files.
>
>Yep, but doing it at the DNS server is easier if you have multiple machines,
>which I did. Doing it on the UNIX-based DNS server made it easier to
>automate the update process, too. I've always found that automating
>Windows processes is a PITA.
>
>Also, in the past, having a massive hosts file under Windows resulted in
>abominable system performance. They may have fixed that, I dunno.
>
>FWIW YoYo makes their AdServers file available in multiple formats, includng
>hosts file format, BIND, etc.
FWIW, and without any in-depth investigation on my part (it's early, and the caffine hasn't kicked in yet ;^), couldn't this simply be run off one of the third-party firmware updates to the consumer routers (like DD-WRT)? I know it provides DNS proxy services, but I wonder if it does/could include a service like the YoYo service you mentioned...
Lionel
More information about the geeks
mailing list