Episode 472
Paul's Security Weekly - Episode 472 - 6:00PM
Announcements
Make sure you check out our sponsors from Faraday Security; they make awesome tools that integrate results from penetration testing and vulnerability assessment tools. They have a community version that is completely free: check it out at https://www.faradaysec.com/securityweekly
Interview: Elizabeth Gossell
Elizabeth Gossell is a Product Strategist at Tenable with a solid background in network security at both Lockheed Martin and Tenable. She holds several professional certifications, including CISSP, CCNA, GCIH and CompTIA. Her unique blend of information security experience and pragmatic marketing contributes to Liz’s insightful research, evaluating competitive solutions and determining differentiators of Tenable solutions.
- How tall do I need to be to ride the ride?
- What are the evaluation criteria?
- What problems do they solve?
- Geeky/technical things...
- Threat Hunting
- Analytics
- SIEM / Security Intelligence
- Three words to describe yourself.
- If you were a serial killer, what would be your weapon of choice?
- If you wrote a book about yourself, what would the title be?
- In the popular game of ass grabby-grabby, do you prefer to go first or second?
- Choose two celebrities to be your parents.
Tech Segment: Blocking Ads and Malware Using Bind DNS
Why
Ads are annoying and malware is bad. pfSense wanted to be my DNS server in order to block host names, but I built my own DNS and DHCP servers instead. Read on.
Interesting facts and side effects:
- I found overlap between the ad blocklists and the malware blocklists
- I created two DNS and DHCP servers, completely redundant
- They are in fact caching name servers that forward to Google (8.8.8.8 and 8.8.4.4)
- I plan to add more DNS blocklists and setup a script that can be extended
- I hate dhcpcd and dnsmasq; it was just easier for me to use the ISC BIND and DHCP servers, as I have more experience with them. (That said, if you prefer dnsmasq and dhcpcd, go for it.)
How
Put Raspbian on two Pi 3s and configure ISC BIND and the ISC DHCP server on each. Split your DHCP range between the two so that either box can serve the network on its own.
Use this script to pull down the block lists, add as many as you like:
#!/bin/sh
# Pull the ad and malware lists and merge them into one BIND include file.
HOME=/etc/bind
ADLISTURL="https://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig;showintro=0;zonefilename=/etc/bind/null.zone.file;mimetype=plaintext"
MWLISTURL="http://mirror1.malwaredomains.com/files/spywaredomains.zones"
ADLISTFILE="ad-blacklist"
MWLISTFILE="mw-blacklist"
MWLISTFILECLEAN="mw-blacklist-clean"
ZONEFILE=/etc/bind/nullzone

cd "$HOME" || exit 1

# Download both lists (this step was missing from the original script).
wget -q -O "$ADLISTFILE" "$ADLISTURL" || exit 1
wget -q -O "$MWLISTFILE" "$MWLISTURL" || exit 1

# The malware list has CRLF line endings; strip the carriage returns.
sed 's/\r$//' < "$MWLISTFILE" > "$MWLISTFILECLEAN"

# Keep only "zone" statements, rewrite each one to point at the shared null
# zone, and dedupe (the two lists overlap).
awk -v zf="$ZONEFILE" '$1 == "zone" { print $1 " " $2 " {type master; file \"" zf "\"; };" }' \
    "$ADLISTFILE" "$MWLISTFILECLEAN" | sort -u > /etc/bind/blacklists
Add this file to /etc/bind, called "nullzone":
$TTL 86400 ; one day
@ IN SOA ads.int.psw.io. hostmaster.int.psw.io. (
        2014090101      ; serial
        28800           ; refresh
        7200            ; retry
        864000          ; expire
        86400 )         ; negative-cache TTL
  NS tanaka.int.psw.io.
  NS orgami.int.psw.io.
  A 127.0.0.1
@ IN A 127.0.0.1
* IN A 127.0.0.1
Add this line to your named.conf.local:
include "/etc/bind/blacklists";
"blacklists" will look as follows:
zone "0000mps.webpreview.dsl.net" {type master; file "/etc/bind/nullzone"; };
zone "0001.2waky.com" {type master; file "/etc/bind/nullzone"; };
Before reloading, run named-checkconf against the new configuration and named-checkzone against the nullzone file, since one malformed line in "blacklists" will stop named from starting. Then reload named (rndc reload) and confirm from a client that a listed name now answers with 127.0.0.1 while an unlisted name still resolves normally. And you are done!
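As an added example (not Paul's script and not part of the original show notes), here is the merge step in Python: it parses both list formats, strips the CRLF line endings the sed step deals with, dedupes, reports the overlap between the ad and malware lists, and rejects any entry that is not a plain hostname. That last check matters because the lists are fetched over plain HTTP and written straight into named's configuration, so a tampered feed should not be able to smuggle extra directives into named.conf. The two list excerpts below are constructed samples, not the real feeds.

```python
"""Merge ad- and malware-domain lists written as BIND zone statements into one
BIND include file and report the overlap between them.
Added example; the two list excerpts are constructed samples, not real feeds."""
import re

NULLZONE = "/etc/bind/nullzone"   # the shared null zone file from the segment

# Constructed stand-in for the yoyo.org "bindconfig" download.
AD_LIST = """\
// ad server list (constructed sample)
zone "ads.example.net" { type master; notify no; file "null.zone.file"; };
zone "Tracker.example.org" { type master; notify no; file "null.zone.file"; };
zone "0001.2waky.com" { type master; notify no; file "null.zone.file"; };
"""

# Constructed stand-in for the malwaredomains download: CRLF line endings,
# a blank line, and one hostile line that tries to smuggle config past awk.
MW_LIST = (
    '// malware domains (constructed sample)\r\n'
    'zone "0001.2waky.com" {type master; file "/etc/namedb/blockeddomain.hosts";};\r\n'
    'zone "evil.example.com" {type master; file "/etc/namedb/blockeddomain.hosts";};\r\n'
    '\r\n'
    'zone "tracker.example.org" {type master; file "/etc/namedb/blockeddomain.hosts";};\r\n'
    'zone "x.example\\"; allow-transfer { any; }; zone \\"y.example" {type master; file "x";};\r\n'
)

ZONE_RE = re.compile(r'^\s*zone\s+"([^"]+)"')
# Only plain hostnames may reach named.conf; anything else is dropped.
NAME_RE = re.compile(r'^[a-z0-9_-]+(?:\.[a-z0-9_-]+)*$')


def parse_zones(text):
    """Return the set of domain names declared by 'zone "name"' statements.

    Strips carriage returns (the sed step in the shell script), ignores blank
    and // comment lines, lower-cases names so case variants dedupe, and
    rejects anything that is not a plain hostname."""
    names = set()
    for line in text.replace("\r", "").splitlines():
        m = ZONE_RE.match(line)
        if not m:
            continue
        name = m.group(1).rstrip(".").lower()
        if NAME_RE.match(name):
            names.add(name)
    return names


def overlap(*lists):
    """Names present in every list (the ad/malware overlap noted above)."""
    sets = [parse_zones(t) for t in lists]
    return sorted(set.intersection(*sets))


def build_blacklist(*lists, zonefile=NULLZONE):
    """Render the merged, deduplicated /etc/bind/blacklists include (sort -u)."""
    names = set().union(*(parse_zones(t) for t in lists))
    return "".join(
        f'zone "{n}" {{type master; file "{zonefile}"; }};\n' for n in sorted(names)
    )


if __name__ == "__main__":
    print(build_blacklist(AD_LIST, MW_LIST), end="")
    print("// overlap:", ", ".join(overlap(AD_LIST, MW_LIST)))
```

Run it and pipe the output to /etc/bind/blacklists in place of the awk pipeline; the hostile sample line is silently dropped, and the two names that appear in both lists come out once.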
References
- http://www.deer-run.com/~hal/sysadmin/dns-advert.html
- http://jacobsalmela.com/block-millions-ads-network-wide-with-a-raspberry-pi-hole-2-0/#blockmalware
- http://charlieharvey.org.uk/page/adblocking_with_bind_apache
Security News - 7:00PM-8:00PM
Paul's Stories
- "How Sony
- Alarm systems alarmingly insecure. Oh the irony | Pen Test Partners
- "Bits
- A Case Study in Attacking KeePass – harmj0y
- "FBI Director: Clinton Emails Were Careless
- "Nasty BIOS bug slugs Gigabyte
- Top Router Maker TP-Link Loses Control Over Configuration Domain
- D-Link Wi-Fi Camera Flaw Extends to 120 Products
- Celebgate Nudes Hacker Pleads Guilty
- Silent Circle Killed Their Warrant Canary
- New Backdooring Mac Malware Discovered
- WikiLeaks Downed In Apparent Heavyweight Hacker Feud
- "Palo Alto Offers $16
- Symantec Won't Fix Catastrophic Flaws Until Mid-July