Tuesday, January 10, 2006

Who needs .info/.biz, anyway?

To quote the people from Sans.org:

Who needs .info/.biz, anyway?

I blocked access to the *.info and *.biz TLDs at my WatchGuard firewall 4 months ago. I had to add 5 *.info domains to a whitelist, but I got so much in return.

In my blog about the 0-day WMF exploit I recommend the blocking of beehappyy.biz. Guess what showed up in my logs as being blocked by the 'block all *.biz websites' rule?
That's right, beehappyy.biz.
I am glad I did not have to clean that mess up :o)

Also want to block the *.biz and *.info TLDs?

Go to the 'URL Path' function of your HTTP-Proxy and add '*.biz' and '*.info' as pattern matches. You can first set the rules to allow and log, to see if this will work for your network.

I also block the *.ru TLD but I am not going to recommend that because I think that is personal taste.
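
The allow-and-log phase described above can also be approximated offline against existing proxy logs, to see which domains would need whitelisting before the rule is switched to deny. This is an added example, not part of the original post; the log format, the whitelist entry and the function names are assumptions made for illustration.

```python
from collections import Counter
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

BLOCK_PATTERNS = ["*.biz", "*.info"]      # the two patterns from the post
# Hypothetical whitelist entry; the post does not name its five domains.
WHITELIST = {"intranet-partner.info"}

# Constructed sample lines ("timestamp client URL"); not a real WatchGuard log format.
SAMPLE_LOG = """\
2006-01-10T09:14:02 10.0.0.21 http://www.example.com/index.html
2006-01-10T09:14:09 10.0.0.37 http://beehappyy.biz/
2006-01-10T09:15:40 10.0.0.21 http://docs.intranet-partner.info/manual.pdf
2006-01-10T09:16:11 10.0.0.44 http://news.example.info:8080/today
2006-01-10T09:17:30 10.0.0.44 http://example.com/download/tool.biz
2006-01-10T09:18:05 10.0.0.52 http://WWW.Example.BIZ./offer
"""

def host_of(url):
    """Lower-cased hostname without port or trailing root dot."""
    return (urlsplit(url).hostname or "").rstrip(".")

def whitelisted(host):
    """True for a whitelisted domain or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in WHITELIST)

def verdict(url):
    """'allow', 'whitelist' or 'would-block'. Judged on the hostname only,
    which is this example's assumption, so a path ending in .biz is allowed."""
    host = host_of(url)
    if not any(fnmatchcase(host, p) for p in BLOCK_PATTERNS):
        return "allow"
    return "whitelist" if whitelisted(host) else "would-block"

def dry_run(log_text):
    """Count hosts the rule would block, without blocking anything."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 3 and verdict(fields[2]) == "would-block":
            hits[host_of(fields[2])] += 1
    return hits

if __name__ == "__main__":
    for host, count in dry_run(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {host}")
```

Hosts that show up in the dry run and are needed for business are the candidates for the whitelist; everything else in the list is what the deny rule would have stopped.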

2 Comments:

Anonymous said...

Hi

Thanks for the tips in this blog.

If I don't use HTTP-Proxy, would I achieve the same (or similar) protection through the use of DNS Proxy (Properties | Proxy Action | DNS Outgoing | Query Names | Pattern Add)?

Thanks
Steve

10:28 PM  
Anonymous said...

You know, this has been a fairly normal security practice for a lot of people for a very long time.

8:52 PM  
