This is a Windows PowerShell Script to help you with blacklisting domains you wish to block in your networks.
We have written about PowerShell before, it is something which can make the windows shell a lot more flexible.
On the external DNS servers you can create primary zones for the domain names and FQDNs you do not want your users to resolve correctly. These DNS zones will all return an incorrect IP address, such as “0.0.0.0″ or the address of an internal server, not the real address. Because the organization’s internal DNS servers are configured to forward their requests to these external DNS servers in the DMZ, the internal DNS servers will cache these incorrect addresses too when the external DNS servers respond. So, when an internal client tries to resolve an unwanted DNS name, it will receive a response, but the IP address returned will be incorrect. Because an IP address of “0.0.0.0″ is unreachable, these unwanted zones created on the external DNS servers are said to be “blackholed”, “blacklisted” or “blocklisted”.
What to block? You can obtain lists of FQDNs and domain names to blackhole for free. Some lists are only for malware, others might be just for pornography, but be aware that they are never 100% complete or accurate (you get what you pay for, so don’t be surprised to find gaps a small number of false positives).
Some of the more popular blackhole lists include (in no particular order):
From sites like the above you can download lists of FQDNs and simple domain names which can be fed into the PowerShell script for this article in order to create blackhole zones on Windows DNS servers. If you have DNS servers running BIND, perhaps on Linux or BSD, then the sites above will also help you import blackhole domains on those DNS servers too (scripts for blackholing on BIND are common).
To use the PowerShell DNS blackhole script, you must:
- Have PowerShell 2.0 or later on the computer where the script will be run, which may be the DNS server itself or another management workstation.
- Use Windows Server 2003 with SP2 or later for the DNS server.
- Allow network access to the RPC ports of the Windows Management Instrumentation (WMI) service from the workstation where the script will be run.
- Be a member of the local Administrators group on the DNS server.
You can download the PowerShell DNS Blackhole script here:
Or read more here.
- AIDE – Advanced Intrusion Detection Environment
- Tiger – Unix Security Audit & Intrusion Detection Tool
- Egress-Assess – Test Network Egress Data Detection
- Shelling our way up
- PowerShell – More than the command prompt
- OpenSSH On Windows – It’s Happening!
Most Read in Countermeasures:
- AJAX: Is your application secure enough? - 119,685 views
- Password Hasher Firefox Extension - 117,431 views
- NDR or Backscatter Spam – How Non Delivery Reports Become a Nuisance - 57,630 views