[RPZ] opendns now has some rpz-like features
Paul Vixie
vixie at isc.org
Tue Jun 21 21:49:15 UTC 2011
in <http://www.opendns.com/about/announcements/221/> we see:
And, as it turns out, nearly all malware uses DNS to find its
bot master to "phone home" for instructions. OpenDNS Enterprise
secures the DNS layer and protects networks from being infected
by blocking known malware-hosting websites, but also helps
prevent infected computers from phoning home by blocking the
master command and control servers with which the malware
communicates. This blocking happens both based on known
malicious domain names, and known compromised IP addresses.
and:
OpenDNS Enterprise is now the only malware protection service in
the world that monitors and blocks both known malicious IP
addresses and known malicious domain names, removing the
possibility that OpenDNS Enterprise malware blocking could be
bypassed with a new domain name pointing to a known bad IP
address.
cool stuff.
More information about the DNSfirewalls
mailing list