Welcome to ISAserver.org
Forums |
Register |
Login |
My Profile |
Inbox |
RSS 
|
My Subscription |
My Forums |
Address Book |
Member List |
Search |
FAQ |
Ticket List |
Log Out
RE: Hosts file to block badware
|
Users viewing this topic:
none
|
Logged in as: Guest
|
Login  | |
|
RE: Hosts file to block badware - 16.Nov.2006 9:21:50 AM
|
|
|
mciftci
Posts: 4
Joined: 7.Jun.2006
Status: offline
|
How about if Malware is using ip address directly instead of domain name?
_____________________________
mciftci
|
|
|
|
|
RE: Hosts file to block badware - 16.Nov.2006 8:37:42 PM
|
|
|
RobJohn
Posts: 87
Joined: 28.Feb.2001
From: Montgomery, Al
Status: offline
|
If malware is using ip instead of domain name I'm not sure. I think it would then depend if the malware uses your proxy setttings, if it does, I'm not sure how ISA would treat it since a nslookup is not required.
It would then depend on how effective your other layers (Defense in Depth) are. For my work network these are the key components:
1) each host has its own IPS, AV, AS protection system to prevent infection or abuses.
2) all servers and PCs are religiously patched to prevent vulnerabilities from being exploited
3) very few users have admin rights
4) All traffic on the network is controlled via PERMIT statements at the gateways (Inbound and Outbound), all other traffic is IMPLICITLY DENIED.
5) A behavior based IDS/IPS (Lancope Stealthwatch) monitors and analyzes all traffic traversing the network via span ports on our Core switches. We know within seconds any out of profile, suspicious, or unauthorized traffic.
6) ISA is used to filter HTTP destinations, content and applications.
_____________________________
Rob John
MCSE, CCNA
|
|
|
|
|
RE: Hosts file to block badware - 13.Feb.2008 3:54:56 PM
|
|
|
TimTrace
Posts: 105
Joined: 31.Oct.2001
From: St. Louis MO
Status: offline
|
Thought I'd chime in on this old thread...I just implemented the host files in the manner described in this thread. Working like a champ.
I dropped HostsExpert onto my ISA server and I can use it to download the hosts files from MVPS.ORG and HOSTS-FILE.NET, merge and sort them, apply whitelists, and do all kinds of neat tricks.
|
|
|
|
|
RE: Hosts file to block badware - 13.Feb.2008 4:08:20 PM
|
|
|
elmajdal
Posts: 5024
Joined: 16.Sep.2004
From: Lebanese in Kuwait
Status: online
|
Hi Tim,
Thanks for the info
quote:
HostsExpert
Does this tool automate the download of the hosts file ??
_____________________________
Tarek Majdalani
MS Forefront Edge Security MVP
Website : http://www.elmajdal.net/ISAServer
New Section : http://www.elmajdal.net/Win2k8
|
|
|
|
|
RE: Hosts file to block badware - 13.Feb.2008 4:50:35 PM
|
|
|
TimTrace
Posts: 105
Joined: 31.Oct.2001
From: St. Louis MO
Status: offline
|
No, sir. It is for manual operation. But it is a clever tool nonetheless.
http://www.funkytoad.com
|
|
|
|
 New Messages |
 No New Messages |
 Hot Topic w/ New Messages |
 Hot Topic w/o New Messages |
 Locked w/ New Messages |
 Locked w/o New Messages |
|
 Post New Thread
Reply to Message
Post New Poll
Submit Vote
Delete My Own Post
Delete My Own Thread
Rate Posts |
|
Printable Version
