Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

MalwareDomains.com

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Misc.] >> ISA Firewall Tools >> MalwareDomains.com Page: [1]
Login
Message << Older Topic   Newer Topic >>
MalwareDomains.com - 22.Apr.2008 9:02:30 PM   
fixitchris

 

Posts: 112
Joined: 23.May2007
Status: offline 		Here is a tool to import the domains.txt from MalwareDomains.com

http://sync-io.net/ISATools.aspx

Enjoy.

Any feedback is welcome.
chris

< Message edited by fixitchris -- 4.May2008 11:32:02 AM >
Post #: 1
RE: MalwareDomains.com - 4.May2008 11:34:21 AM   
fixitchris

 

Posts: 112
Joined: 23.May2007
Status: offline 		ITENG:  This is the file http://www.malwaredomains.com/files/domains.txt
and yes it does work.

Domains.txt contains domain names only, such as BADDOMAIN.com.  I recommend you import the file as a DNS Set and include BADDOMAIN.COM AND *.BADDOMAIN.COM. 

With this setup you'll be creating a DNS set with over 40000 entries.  This does not seem to have an impact on ISA server.

chris

< Message edited by fixitchris -- 4.May2008 11:48:14 AM >

(in reply to fixitchris)
Post #: 2
RE: MalwareDomains.com - 4.May2008 11:53:46 AM   
ITEngineer

 

Posts: 254
Joined: 3.Feb.2006
Status: offline 		Thank you chris.


also how about to do a GUI that would disable, enable rules remotely.

for example, i used to work in a school, where the teacher needs to enable the rule to be used by his student, once his lecture ends, he needs to disable the rule.

as an ISA admin, i dont wish to give admin access for every teacher, so to have a simple stand alone GUI that would enable disable rule(s) remotely is a wonderful solution.

I have plenty of ideas in my queue

(in reply to fixitchris)
Post #: 3
RE: MalwareDomains.com - 4.May2008 12:12:23 PM   
fixitchris

 

Posts: 112
Joined: 23.May2007
Status: offline 		You're welcome.

Let's continue the new idea here
http://forums.isaserver.org/m_2002066346/mpage_1/key_/tm.htm#2002066347

(in reply to ITEngineer)
Post #: 4
RE: MalwareDomains.com - 12.Jun.2008 12:59:47 PM   
fixitchris

 

Posts: 112
Joined: 23.May2007
Status: offline 		You can now run this app as a scheduled job with no user intervention.

http://www.sync-io.net/Files/ISA_MalwareDomains_Binary.zip




(in reply to fixitchris)
Post #: 5
RE: MalwareDomains.com - 12.Jun.2008 3:22:21 PM   
elmajdal

 

Posts: 4944
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: offline 		Hi Chris,

Cool !

I like it :)

_____________________________

Tarek Majdalani

MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8

(in reply to fixitchris)
Post #: 6
RE: MalwareDomains.com - 8.Aug.2008 10:08:47 AM   
fixitchris

 

Posts: 112
Joined: 23.May2007
Status: offline 		Running automatically with local user:

Add to scheduler with AT command to run below as SYSTEM

ntrights.exe -u isajobuser +r SeBatchLogonRight

(in reply to fixitchris)
Post #: 7
RE: MalwareDomains.com - 13.Aug.2008 7:02:34 PM   
Eng_A_Moktar

 

Posts: 35
Joined: 17.Dec.2007
Status: offline 		it is a txt file , how 'd i import it ???

(in reply to fixitchris)
Post #: 8
RE: MalwareDomains.com - 13.Aug.2008 8:58:11 PM   
fixitchris

 

Posts: 112
Joined: 23.May2007
Status: offline 		Download and run http://www.sync-io.net/Files/ISA_MalwareDomains_Binary.zip

You tell the program whether you want to import as URL or DNS set, give it a name, specify a proxy (if needed), and execute.

(in reply to Eng_A_Moktar)
Post #: 9
RE: MalwareDomains.com - 14.Aug.2008 9:05:52 AM   
Eng_A_Moktar

 

Posts: 35
Joined: 17.Dec.2007
Status: offline 		thanx , i was hasty. i had to try it first , thanx again

(in reply to fixitchris)
Post #: 10
RE: MalwareDomains.com - 27.Aug.2008 7:12:09 AM   
ari.lehtimaki

 

Posts: 2
Joined: 27.Aug.2008
Status: offline 		Is there any help file to the console version. How can I set the correct settings to the config file? I would like to set it to recieve updates say once a week.

(in reply to fixitchris)
Post #: 11
RE: MalwareDomains.com - 27.Aug.2008 10:02:19 AM   
fixitchris

 

Posts: 112
Joined: 23.May2007
Status: offline 		Running the Console as a scheduled task:

1. Run the GUI versoin, set your settings on-screen the way you want and click the Export button.

2. Run ISA_MalwareDomains_Console by passing it the config file created in the previous step (eg.  ISA_MalwareDomains_Console.exe "C:\White Space Dir\config.mdc"). The output is logged to MDC.log in the current folder.

You will have to create a scheduled task to run the Console on a schedule.  I recommend you use a limited user account.  If you do then you will need to use the AT command to run the following prior to running MalwareDomains Import:

ntrights.exe -u isajobUser +r SeBatchLogonRight

After the MalwareDomains update completes you should run

ntrights.exe -u isajobUser -r SeBatchLogonRight

(The reason for running these commands with AT is that they have to be executed SYSTEM)

< Message edited by fixitchris -- 27.Aug.2008 10:45:11 AM >

(in reply to ari.lehtimaki)
Post #: 12

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Misc.] >> ISA Firewall Tools >> MalwareDomains.com Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts