Episode 472

From Paul's Security Weekly

Paul's Security Weekly - Episode 472 - 6:00PM

Recorded:

Episode Audio

MP3

Announcements

Make sure you check out our sponsor Faraday Security; they make awesome tools that integrate results from penetration testing and vulnerability assessment tools. They have a community version that is completely FREE; check it out at https://www.faradaysec.com/securityweekly

Interview: Elizabeth Gossell

Elizabeth Gossell is a Product Strategist at Tenable with a solid background in network security at both Lockheed Martin and Tenable. She holds several professional certifications, including CISSP, CCNA, GCIH and CompTIA. Her unique blend of information security experience and pragmatic marketing contributes to Liz’s insightful research, evaluating competitive solutions and determining differentiators of Tenable solutions.

  1. How tall do I need to be to ride the ride?
  2. What are the evaluation criteria?
  3. What problems do they solve?
  4. Geeky/technical things...
  5. Threat Hunting
  6. Analytics
  7. SIEM / Security Intelligence

  1. Three words to describe yourself
  2. If you were a serial killer, what would be your weapon of choice?
  3. If you wrote a book about yourself, what would the title be?
  4. In the popular game of ass grabby-grabby, do you prefer to go first or second?
  5. Choose two celebrities to be your parents.

Tech Segment: Blocking Ads and Malware Using Bind DNS

Why

Ads are annoying, malware is bad. pfSense wanted to be my DNS server in order to block host names, so I built my own DNS and DHCP servers instead; read on.

Interesting facts and side effects:

  • I found overlap between the ad blocklists and the malware blocklists
  • I created two DNS and DHCP servers, completely redundant
  • They are in fact caching name servers that forward to Google (8.8.8.8 and 8.8.4.4)
  • I plan to add more DNS blocklists and setup a script that can be extended
  • I hate dhcpcd and dnsmasq; it was just easier for me to use the ISC BIND and DHCP servers, as I have more experience with them (that being said, if you prefer dnsmasq and dhcpcd, go for it)

How

Put Raspbian on two Pi 3s, and configure ISC BIND and the ISC DHCP server on each. Split your DHCP range between the two.

Use this script to pull down the block lists; add as many as you like:

#!/bin/bash
# Fetch the ad and malware block lists and build the bind include file.
set -euo pipefail

BINDDIR=/etc/bind
cd "$BINDDIR"

ADLISTURL="https://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig;showintro=0;zonefilename=/etc/bind/null.zone.file;mimetype=plaintext"
MWLISTURL="http://mirror1.malwaredomains.com/files/spywaredomains.zones"

ADLISTFILE="ad-blacklist"
MWLISTFILE="mw-blacklist"
MWLISTFILECLEAN="mw-blacklist-clean"

ZONEFILE=/etc/bind/nullzone

# Download both lists
curl -fsSL "$ADLISTURL" -o "$ADLISTFILE"
curl -fsSL "$MWLISTURL" -o "$MWLISTFILE"

# Strip DOS carriage returns (the ^M) from the malware list
sed 's/\r$//' < "$MWLISTFILE" > "$MWLISTFILECLEAN"

# Both lists are in bind zone-config format: field 1 is "zone", field 2 is the quoted domain.
# Point every entry at our null zone; sort | uniq drops domains that appear in both lists.
awk -v zf="$ZONEFILE" '$1 == "zone" { print $1 " " $2 " {type master; file \"" zf "\"; };" }' "$ADLISTFILE" "$MWLISTFILECLEAN" | sort | uniq > "$BINDDIR/blacklists"

Add this file to /etc/bind, called "nullzone":

$TTL    86400   ; one day  
@       IN      SOA     ads.int.psw.io. hostmaster.int.psw.io. (
               2014090101
                    28800
                     7200
                   864000
                    86400 )          
                NS      tanaka.int.psw.io.
                NS      orgami.int.psw.io.
                A       127.0.0.1 
@       IN      A       127.0.0.1 
*       IN      A       127.0.0.1

Add this line to your named.conf.local:

include "/etc/bind/blacklists";

"blacklists" will look as follows:

zone "0000mps.webpreview.dsl.net" {type master; file "/etc/bind/nullzone"; };
zone "0001.2waky.com" {type master; file "/etc/bind/nullzone"; };

And you are done!
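The segment mentions wanting a script that can be extended to more block lists. As an added example (not from the show notes), here is a POSIX shell function that generalizes the awk one-liner above so the same blacklists include can be built from bind-config, hosts-format and plain-domain lists, dropping anything that is not a valid hostname so one bad upstream line cannot stop named from loading; NULLZONE, blocklist_to_zones and the sample entries are assumed names and constructed data.

```shell
#!/bin/sh
# Convert block lists in any of three formats into "zone" lines for the
# /etc/bind/blacklists include. Each input line may be:
#   bind config:   zone "example.com" { type master; file "..."; };
#   hosts format:  0.0.0.0 example.com   (or 127.0.0.1 / ::1)
#   plain domain:  example.com
# Comments, blank lines, CRLF endings and duplicates are handled, and any
# entry that is not a valid hostname is dropped so that one malformed
# upstream line cannot stop named from loading its configuration.

NULLZONE=${NULLZONE:-/etc/bind/nullzone}   # the null zone file from the segment

# Usage: blocklist_to_zones FILE... (reads stdin when no files are given)
blocklist_to_zones() {
    cat "$@" | tr -d '\r' | awk -v zf="$NULLZONE" '
    {
        sub(/#.*/, "")                       # strip trailing comments
        if (NF == 0) next                    # skip blank lines
        if ($1 == "zone")
            d = $2                           # bind config: quoted domain
        else if ($1 ~ /^(0\.0\.0\.0|127\.0\.0\.1|::1)$/ && NF >= 2)
            d = $2                           # hosts format: address then name
        else
            d = $1                           # plain domain list
        gsub(/"/, "", d); sub(/\.$/, "", d); d = tolower(d)
        if (d == "localhost" || d == "localhost.localdomain" || d == "broadcasthost") next
        if (d !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/) next
        print "zone \"" d "\" {type master; file \"" zf "\"; };"
    }' | sort -u
}

# Constructed sample covering every format plus the lines that must be dropped
sample_blocklist() {
    printf 'zone "ads.example.com" { type master; file "/etc/bind/null.zone.file"; };\r\n'
    printf '%s\n' \
        '0.0.0.0 tracker.example.net  # hosts-style entry with a comment' \
        '127.0.0.1 localhost' \
        'evil.example.org.' \
        'not a domain!' \
        'ADS.EXAMPLE.COM'
}

# Example run: sample_blocklist | blocklist_to_zones > /etc/bind/blacklists
```

After regenerating /etc/bind/blacklists, run named-checkconf before reloading so a rejected entry is caught before named refuses to start.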

References

Security News - 7:00PM-8:00PM


Paul's Stories

  1. "How Sony
  2. Alarm systems alarmingly insecure. Oh the irony | Pen Test Partners
  3. "Bits
  4. A Case Study in Attacking KeePass – harmj0y
  5. "FBI Director: Clinton Emails Were Careless
  6. "Nasty BIOS bug slugs Gigabyte
  7. Top Router Maker TP-Link Loses Control Over Configuration Domain
  8. D-Link Wi-Fi Camera Flaw Extends to 120 Products
  9. Celebgate Nudes Hacker Pleads Guilty
  10. Silent Circle Killed Their Warrant Canary
  11. New Backdooring Mac Malware Discovered
  12. WikiLeaks Downed In Apparent Heavyweight Hacker Feud
  13. "Palo Alto Offers $16
  14. Symantec Won't Fix Catastrophic Flaws Until Mid-July


Larry's Stories

Joff's Stories

Jack's Stories

Kevin's Stories

Michael's (Santa) Stories