Paul's Security Weekly - Episode 472 - 6:00PM

Episode Audio

Announcements

Make sure you check out our Sponsors from Farday Security, they make awesome tools that integrate results from penetration testing and vulnerability assessment tools. They have a community version that is complete FREE, check it out at https://www.faradaysec.com/securityweekly

Interview: Elizabeth Gossell

Elizabeth Gossell is a Product Strategist at Tenable with a solid background in network security at both Lockheed Martin and Tenable. She holds several professional certifications, including CISSP, CCNA, GCIH and CompTIA. Her unique blend of information security experience and pragmatic marketing contributes to Liz’s insightful research, evaluating competitive solutions and determining differentiators of Tenable solutions.

How tall do I need to be to ride the ride?
What are the evaluation criteria?
What problems do they solve?
Geeky/technical things...
Threat Hunting
Analytics
SEIM / Security Intelligence

Three words to describe yourself.
If you were a serial killer, what would be your weapon of choice?
If you wrote a book about yourself, what would the title be?
In the popular game of ass grabby-grabby, do you prefer to go first or second?
Choose two celebrities to be your parents.

Tech Segment: Blocking Ads and Malware Using Bind DNS

Why

Ads are annoying, malware is bad. pfSense wanted to be my DNS server in order to block host names. I built my own DNS and DHCP servers, read on.

Interesting facts and side affects:

I found overlap between the ad blocklists and the malware blocklists
I created two DNS and DHCP servers, completely redundant
They are in fact caching name servers, and point to Google (8.8.8.8 and 8.8.4.4)
I plan to add more DNS blocklists and setup a script that can be extended
I hate dhcpcd and dnsmasq, it was just easier for me to use the ISC bind and DHCP servers as I have more experience with them (That being said, if you prefer dnsmasq and dhcpcd, go for it)

How

Put Raspbian on two PI 3's, and configure ISC Bind and DHCP Server. Split your range between the two.

Use this script to pull down the block lists, add as many as you like:

HOME=/etc/bind

ADLISTURL="https://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig;showintro=0;zonefilename=/etc/bind/null.zone.file;mimetype=plaintext"
MWLISTURL="http://mirror1.malwaredomains.com/files/spywaredomains.zones"

ADLISTFILE="ad-blacklist"
MWLISTFILE="mw-blacklist"
MWLISTFILECLEAN="mw-blacklist-clean"

ZONEFILE=/etc/bind/nullzone

sed 's/^M$//' < $MWLISTFILE> $MWLISTFILECLEAN

awk '{ print $1 " " $2 " {type master; file \"/etc/bind/nullzone\"; };" }' $ADLISTFULE $MWLISTFILECLEAN | sort | uniq  > /etc/bind/blacklists

Add this file to /etc/bind call "nullzone":

$TTL    86400   ; one day  
@       IN      SOA     ads.int.psw.io. hostmaster.int.psw.io. (
               2014090101
                    28800
                     7200
                   864000
                    86400 )          
                NS      tanaka.int.psw.io.
                NS      orgami.int.psw.io.
                A       127.0.0.1 
@       IN      A       127.0.0.1 
*       IN      A       127.0.0.1

Add this line to your named.conf.local:

include "/etc/bind/blacklists";

"blacklists" will look as follows:

zone "0000mps.webpreview.dsl.net" {type master; file "/etc/bind/nullzone"; };
zone "0001.2waky.com" {type master; file "/etc/bind/nullzone"; };

Episode472

Contents

Paul's Security Weekly - Episode 472 - 6:00PM

Episode Audio

Announcements

Interview: Elizabeth Gossell

Tech Segment: Blocking Ads and Malware Using Bind DNS

Why

How

References

Security News - 7:00PM-8:00PM

Paul's Stories

Larry's Stories

Joff's Stories

Jack's Stories

Kevin's Stories

Michael's (Santa) Stories

Navigation menu

Page actions

Page actions

Personal tools

Shows

Security Weekly Links

Social Media

Search

Tools