DNS enhancement catches malware sites by understanding sneaky domain names

[Chiefcrowe]

http://arstechnica.com/security/201...re-sites-by-understanding-sneaky-domain-names

 

[MustISO]

Very nice. Unfortunately the criminals are always working on new ways. I'd personally like to see the process of purchasing a domain more scrutinized. Some of these botnets register thousands of domains to keep from being detected. That just shouldn't be allowed.

 

[VirtualLarry]

Wow, that sounds great. Friend of mine got a popup ad while browsing on linux, and the domain name was something like alert.norton.com.ok-pc-alert.com . It popped up a page that looked kind of like a Norton AV alert, and claimed that you "had to" call their toll-free number, because there was something wrong with your computer.

 

[seepy83]

Somewhat related article on some research into the Anthem breach: http://www.threatconnect.com/news/the-anthem-hack-all-roads-lead-to-china/
In that article, they talk about the threat actors using the domain we11point[.]com to impersonate wellpoint[.]com, prennera[.]com to impersonate premera[.]com, etc.

 

[Chiefcrowe]

Completely with you on this one.. registration and probably SSL certificates should have a more rigorous confirmation process to weed out the bots!

Very nice. Unfortunately the criminals are always working on new ways. I'd personally like to see the process of purchasing a domain more scrutinized. Some of these botnets register thousands of domains to keep from being detected. That just shouldn't be allowed.

 

[John Connor]

Been using OpenDNS for about 6 years now. It gets better and better. Everyone should use OpenDNS manually entered in their laptop's WIFI adapter so you don't risk DNS poisoning. I read about that as a warning to people that may be attending Defcon in Vegas and using the hotel's WIFI. LOL

 

[HOSED]

IF you only use your system at home on the same router (FIOS in this case) is it sufficient to change the DNS server to OpenDNS on the router only? I am running win 7 and Bodhi Linux (ubuntu 14.04 variant). Thanks for any tips or advise. IS this a good procedure to follow if kids may use your system once in a while? https://support.opendns.com/entries/46060260-FamilyShield-Router-Configuration-Instructions

 

[seepy83]

IF you only use your system at home on the same router (FIOS in this case) is it sufficient to change the DNS server to OpenDNS on the router only?

That's sufficient until your router has a vulnerability that allows an attacker to change the DNS settings. Same goes for setting the DNS servers on your hosts...it's all good until there is a vulnerability that gets exploited.

Or, until your network (not necessarily your SOHO router, itself), or a host on your home network, is exploited and an attacker can MitM or impersonate your router to poison DNS (or do anything else, for that matter)

 

[PliotronX]

Been using OpenDNS for about 6 years now. It gets better and better. Everyone should use OpenDNS manually entered in their laptop's WIFI adapter so you don't risk DNS poisoning. I read about that as a warning to people that may be attending Defcon in Vegas and using the hotel's WIFI. LOL

Same! Their servers tend to have lower latency than Google's and 100% less creep factor. This is definitely icing on the cake :wub:

 

[John Connor]

IF you only use your system at home on the same router (FIOS in this case) is it sufficient to change the DNS server to OpenDNS on the router only? I am running win 7 and Bodhi Linux (ubuntu 14.04 variant). Thanks for any tips or advise. IS this a good procedure to follow if kids may use your system once in a while? https://support.opendns.com/entries/46060260-FamilyShield-Router-Configuration-Instructions

Yes. And if you have a router that is compatible with the third party firmware DD-WRT that would be even better. But you must do it right. Mine is flashed with DD-WRT and I use OpenDNS in the router.