• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

MalwareDomains.com

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Misc.] >> ISA Firewall Tools >> MalwareDomains.com Page: [1]
Login
Message << Older Topic   Newer Topic >>
MalwareDomains.com - 22.Apr.2008 9:02:30 PM   
fixitchris

 

Posts: 148
Joined: 23.May2007
Status: offline
Here is a tool to import the domains.txt from MalwareDomains.com

http://sync-io.net/ISATools.aspx

Enjoy.

Any feedback is welcome.
chris

< Message edited by fixitchris -- 4.May2008 11:32:02 AM >
Post #: 1
RE: MalwareDomains.com - 4.May2008 11:34:21 AM   
fixitchris

 

Posts: 148
Joined: 23.May2007
Status: offline
ITENG:  This is the file http://www.malwaredomains.com/files/domains.txt
and yes it does work.

Domains.txt contains domain names only, such as BADDOMAIN.com.  I recommend you import the file as a DNS Set and include BADDOMAIN.COM AND *.BADDOMAIN.COM. 

With this setup you'll be creating a DNS set with over 40000 entries.  This does not seem to have an impact on ISA server.

chris

< Message edited by fixitchris -- 4.May2008 11:48:14 AM >

(in reply to fixitchris)
Post #: 2
RE: MalwareDomains.com - 4.May2008 11:53:46 AM   
ITEngineer

 

Posts: 270
Joined: 3.Feb.2006
Status: offline
Thank you chris.


also how about to do a GUI that would disable, enable rules remotely.

for example, i used to work in a school, where the teacher needs to enable the rule to be used by his student, once his lecture ends, he needs to disable the rule.

as an ISA admin, i dont wish to give admin access for every teacher, so to have a simple stand alone GUI that would enable disable rule(s) remotely is a wonderful solution.

I have plenty of ideas in my queue

(in reply to fixitchris)
Post #: 3
RE: MalwareDomains.com - 4.May2008 12:12:23 PM   
fixitchris

 

Posts: 148
Joined: 23.May2007
Status: offline
You're welcome.

Let's continue the new idea here
http://forums.isaserver.org/m_2002066346/mpage_1/key_/tm.htm#2002066347

(in reply to ITEngineer)
Post #: 4
RE: MalwareDomains.com - 12.Jun.2008 12:59:47 PM   
fixitchris

 

Posts: 148
Joined: 23.May2007
Status: offline
You can now run this app as a scheduled job with no user intervention.

http://www.sync-io.net/Files/ISA_MalwareDomains_Binary.zip




(in reply to fixitchris)
Post #: 5
RE: MalwareDomains.com - 12.Jun.2008 3:22:21 PM   
elmajdal

 

Posts: 6022
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline
Hi Chris,

Cool !

I like it :)

_____________________________

Tarek Majdalani

Windows Expert - IT Pro MVP
Facebook : https://www.facebook.com/ElMajdal.Net

(in reply to fixitchris)
Post #: 6
RE: MalwareDomains.com - 8.Aug.2008 10:08:47 AM   
fixitchris

 

Posts: 148
Joined: 23.May2007
Status: offline
Running automatically with local user:

Add to scheduler with AT command to run below as SYSTEM

ntrights.exe -u isajobuser +r SeBatchLogonRight

(in reply to fixitchris)
Post #: 7
RE: MalwareDomains.com - 13.Aug.2008 7:02:34 PM   
Eng_A_Moktar

 

Posts: 44
Joined: 17.Dec.2007
Status: offline
it is a txt file , how 'd i import it ???

(in reply to fixitchris)
Post #: 8
RE: MalwareDomains.com - 13.Aug.2008 8:58:11 PM   
fixitchris

 

Posts: 148
Joined: 23.May2007
Status: offline
Download and run http://www.sync-io.net/Files/ISA_MalwareDomains_Binary.zip

You tell the program whether you want to import as URL or DNS set, give it a name, specify a proxy (if needed), and execute.

(in reply to Eng_A_Moktar)
Post #: 9
RE: MalwareDomains.com - 14.Aug.2008 9:05:52 AM   
Eng_A_Moktar

 

Posts: 44
Joined: 17.Dec.2007
Status: offline
thanx , i was hasty. i had to try it first , thanx again

(in reply to fixitchris)
Post #: 10
RE: MalwareDomains.com - 27.Aug.2008 7:12:09 AM   
ari.lehtimaki

 

Posts: 4
Joined: 27.Aug.2008
Status: offline
Is there any help file to the console version. How can I set the correct settings to the config file? I would like to set it to recieve updates say once a week.

(in reply to fixitchris)
Post #: 11
RE: MalwareDomains.com - 27.Aug.2008 10:02:19 AM   
fixitchris

 

Posts: 148
Joined: 23.May2007
Status: offline
Running the Console as a scheduled task:

1. Run the GUI versoin, set your settings on-screen the way you want and click the Export button.

2. Run ISA_MalwareDomains_Console by passing it the config file created in the previous step (eg.  ISA_MalwareDomains_Console.exe "C:\White Space Dir\config.mdc"). The output is logged to MDC.log in the current folder.

You will have to create a scheduled task to run the Console on a schedule.  I recommend you use a limited user account.  If you do then you will need to use the AT command to run the following prior to running MalwareDomains Import:

ntrights.exe -u isajobUser +r SeBatchLogonRight

After the MalwareDomains update completes you should run

ntrights.exe -u isajobUser -r SeBatchLogonRight

(The reason for running these commands with AT is that they have to be executed SYSTEM)

< Message edited by fixitchris -- 27.Aug.2008 10:45:11 AM >

(in reply to ari.lehtimaki)
Post #: 12
RE: MalwareDomains.com - 2.Sep.2008 6:34:24 AM   
ari.lehtimaki

 

Posts: 4
Joined: 27.Aug.2008
Status: offline
Works like a charm. Thanks!

(in reply to fixitchris)
Post #: 13
RE: MalwareDomains.com - 15.Sep.2008 1:47:19 PM   
nak

 

Posts: 4
Joined: 6.Feb.2008
Status: offline
I recently started having a problem with the ISA_MalwareDomains importer.  When I run it all seems to go well until I get this message -

"Cannot create a file when that file already exists.  The error occurred on object 'MalwareDomains' of class 'URL Set' in the scope of array 'servername'."

This occurs at about the point where it the GUI would transition from the  'Create URL/DNS Set' line to the 'Save URL/DNS Set' line.

Any advice on what may be going on?

Thanks,

(in reply to fixitchris)
Post #: 14
RE: MalwareDomains.com - 15.Sep.2008 2:13:51 PM   
fixitchris

 

Posts: 148
Joined: 23.May2007
Status: offline
 
nak,
Please download latest build from http://sync-io.net/IsaTools.aspx

Refernce: http://forums.isaserver.org/MalwareDomains%25com_ISA_Import_fails%25/m_2002071089/tm.htm

(in reply to nak)
Post #: 15
RE: MalwareDomains.com - 15.Sep.2008 2:42:27 PM   
nak

 

Posts: 4
Joined: 6.Feb.2008
Status: offline
That did it.  Thanks for the great tool and quick reply.  Sorry for the duplicate.  

(in reply to fixitchris)
Post #: 16
RE: MalwareDomains.com - 22.Sep.2008 10:32:19 PM   
anhptnn

 

Posts: 4
Joined: 22.Sep.2008
Status: offline
After I run this software, I could get domains.txt file with DNS set. When I tried to import into "Domain Name Set" of ISA. It appeared in an incorrect format.
Anybody could help me with this?
I don't know how to import image into forum.

(in reply to fixitchris)
Post #: 17
RE: MalwareDomains.com - 23.Sep.2008 9:11:07 AM   
fixitchris

 

Posts: 148
Joined: 23.May2007
Status: offline
Please email all errors to chris@sync-io.net.  I will take care of it.

(in reply to anhptnn)
Post #: 18
RE: MalwareDomains.com - 19.Oct.2008 7:21:59 AM   
justmee

 

Posts: 505
Joined: 14.May2007
Status: offline
Nice tool.

(in reply to fixitchris)
Post #: 19

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Misc.] >> ISA Firewall Tools >> MalwareDomains.com Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts