GithubHelp home page GithubHelp logo

flupsy / malwaredomains-rpz Goto Github PK

View Code? Open in Web Editor NEW
3.0 2.0 1.0 17 KB

A script to build a Response Policy Zone from malwaredomains.com data

License: GNU General Public License v3.0

Shell 100.00%

malwaredomains-rpz's Introduction

malwaredomains RPZ

A script to build a Response Policy Zone from malwaredomains.com data.

Background and rationale

The lovely people at RiskAnalytics provide lists of domains known to serve malware at http://www.malwaredomains.com/. It makes these available in several formats including DNS zone files. They don't even charge for the service which is, frankly, awesome!

Many people configure their DNS servers so that they spoof the zone for each domain such that traffic is redirected to 127.0.0.1 (i.e. your own machine). This effectively stops hosts on that network from connecting to those zones and downloading unpleasant stuff. However, if you're running a local webserver, say for development purposes, things can get confusing very quickly!

An alternative is using a DNS Response Policy Zone. This requires BIND version 9.8 or greater (or another DNS server that supports RPZ). RPZs are much more flexible than the approach above because it gives us finer control over what we want the DNS server to tell the client. I have taken the approach that returning NXDOMAIN is the cleanest way of blocking traffic to these domains because a web browser will immediately give up on receiving that response. There's no need to worry that a local webserver might interfere with domain blocking.

What the script does

This script builds an RPZ by including a local set of records (which might be blank), then one line per malware domain. It then reloads BIND to bring the new RPZ into play.

It's a naive little hack that might need some tweaking, in particular:

  • MY_RPZ_RECORDS should contain your local RPZ stuff. I have records in here to stop my television phoning home and to curtail Windows 10's telemetry.
  • MY_RPZ_ZONE is the output zonefile. This will need both zone and response-policy stanzas in your BIND configuration.
  • MY_RPZ_ZONE_NAME is the name of your RPZ zone.
  • MALWARE_URL is where to get the list of bad domains from. You could be nice and use a local mirror.
  • MALWARE_MIN_LINES is the minimum number of lines that the script will accept in the bad domains list before it will go any further. This is to stop empty RPZs being generated if the list is empty or very short.

What the script doesn't do

  • Many things.

Are patches and issues welcome?

Of course! I don't turn down free help!

Ian Chard

25th January 2018

malwaredomains-rpz's People

Contributors

flupsy avatar

Stargazers

avatar avatar avatar

Watchers

avatar avatar

Forkers

gidobossftw5731

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.