Running your own DNSchanger proxies

Mike ispbuilder at gmail.com
Sun Jul 8 10:49:00 UTC 2012


On 12-07-07 10:13 PM, Jason Duerstock wrote:
> As an intellectual exercise, I think this is interesting and worth the
> effort.  As an actual implementation, I think it's more effective to block
> DNS traffic to the affected subnets. Let the breakage occur, and then let
> the end users get their broken machines fixed rather than let them continue
> hobbling along with this hack in place.
>
> Jason
Agreed, fixing the problem > patching the problem.
Some other ideas -

  * Assuming you're running the nameserver under Linux, an iptables rule
    would remove the need to have all the IP addresses added (iptables
    -I PREROUTING -t nat -d $badblock/24 -s 0.0.0.0/0 -j DNAT --to
    your.local.ip.address)
  * BIND should by default accept connections on all interfaces if you
    don't tell it to bind to anything, unless behaviour has changed in
    versions more recent than my last BIND experience
  * Having whatever nameserver you use return a single IP address for
    everything you request, which points you to a single web page that
    explains how to fix the problem can be good
  * that single IP address can also run a POP3/IMAP server that accepts
    any username/password and dumps the user into a read-only mailbox
    with a single message saying "fix your infected PC"
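The "nameserver that returns a single IP address for everything" idea above is small enough to show end to end. The following is an added example, not code from the post or from any NANOG participant: a minimal UDP DNS responder that answers every A/IN query with one fixed address (the landing page that explains the fix), returns an empty NOERROR for other record types, and sends FORMERR for malformed questions. The sinkhole address 192.0.2.10 is a constructed placeholder; the script assumes it is reached through a DNAT rule like the one in the first bullet, so it simply binds a local address. It uses only the standard library.

```python
import socket
import struct

# Constructed placeholder: address of the "fix your infected PC" web page.
# Replace with the operator's own landing-page address.
SINKHOLE_IP = "192.0.2.10"
TTL = 60  # short TTL so cleaned-up clients re-resolve quickly

QTYPE_A = 1
QCLASS_IN = 1


def parse_name(packet, offset):
    """Return (name, offset after the name); follows compression pointers
    and rejects truncated names and pointer loops."""
    labels = []
    jumped = False
    end = offset
    hops = 0
    while True:
        if offset >= len(packet):
            raise ValueError("truncated name")
        length = packet[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:  # compression pointer
            if offset + 1 >= len(packet):
                raise ValueError("truncated pointer")
            pointer = struct.unpack("!H", packet[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2  # the name ends at the first pointer
            jumped = True
            hops += 1
            if hops > 16:
                raise ValueError("pointer loop")
            offset = pointer
            continue
        offset += 1
        labels.append(packet[offset:offset + length].decode("ascii", "replace"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def build_query(name, qtype=QTYPE_A, txid=0x1234):
    """Build a minimal standard query; used here only to construct test traffic."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set
    qname = b"".join(struct.pack("B", len(label)) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, QCLASS_IN)


def build_response(query, sinkhole_ip=SINKHOLE_IP):
    """Answer every A/IN question with sinkhole_ip; other types get an empty
    NOERROR; malformed questions get FORMERR. Returns None for packets that
    should not be answered at all (too short, or already a response)."""
    if len(query) < 12:
        return None
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if flags & 0x8000:  # QR set: this is a response, never reflect it back
        return None
    formerr = struct.pack("!HHHHHH", txid, 0x8181, 0, 0, 0, 0)
    if qdcount != 1:
        return formerr
    try:
        _name, off = parse_name(query, 12)
        qtype, qclass = struct.unpack("!HH", query[off:off + 4])
    except (ValueError, struct.error):
        return formerr
    question = query[12:off + 4]
    answer = b""
    ancount = 0
    if qtype == QTYPE_A and qclass == QCLASS_IN:
        # 0xC00C: compression pointer back to the question name at offset 12.
        answer = (struct.pack("!HHHIH", 0xC00C, QTYPE_A, QCLASS_IN, TTL, 4)
                  + socket.inet_aton(sinkhole_ip))
        ancount = 1
    rflags = 0x8480 | (flags & 0x0100)  # QR, AA, RA, RD copied, RCODE 0
    header = struct.pack("!HHHHHH", txid, rflags, 1, ancount, 0, 0)
    return header + question + answer


def decode_answer(response):
    """Decode one of our own replies: (txid, rcode, ancount, answer IP or None)."""
    txid, flags, _qd, ancount = struct.unpack("!HHHH", response[:8])
    ip = socket.inet_ntoa(response[-4:]) if ancount == 1 else None
    return txid, flags & 0x000F, ancount, ip


def serve(bind_addr="0.0.0.0", port=53, sinkhole_ip=SINKHOLE_IP):
    """UDP loop; traffic DNATed from the rogue ranges lands here."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_addr, port))
    while True:
        data, peer = sock.recvfrom(512)
        reply = build_response(data, sinkhole_ip)
        if reply is not None:
            sock.sendto(reply, peer)


if __name__ == "__main__":
    serve()
```

Two choices are worth noting: replies are only generated for packets with QR clear, so the service cannot be used to bounce responses between hosts, and a short TTL means a client keeps getting the landing page only until its resolver settings are actually corrected.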
More information about the NANOG mailing list