Using DNSBLs to Monitor Network Security
Luis E. Muñoz
Many email administrators are turning to DNSBLs
-- DNS Block Lists -- as useful weapons in the arsenal against
spam. There are DNSBLs covering many aspects of the security spectrum
related to spam. A brief sample of what the most common
lists focus on includes:
- Open HTTP proxies
- Open SMTP proxies
- Zombies or trojaned machines
- Miscellaneous open proxies
- Hosts that send spam to spamtrap addresses
These lists continue to grow despite the efforts of
the community to educate the general public and, more importantly, the
administrators responsible for the operation or security of the network. No
matter how many security measures we implement in our network, the reality
is that a lot of computers in the public network and in our datacenters
are compromised each day.
This article will introduce another useful application
for the DNSBLs. I'll show how to use this valuable information source
to diagnose and monitor the overall security level of a given network.
I'll do so by generating a sort of "reputation" or index,
based on the information collected from the lists themselves.
The code I will use for this, although simply an
example, is available from the Sys Admin Web site:
http://www.sysadminmag.com
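The lookup-and-score loop the paragraphs above describe, as an added Python example that is not the article's own code from the Sys Admin site: each host's reversed IPv4 octets are queried under each list's zone, a reply in 127.0.0.0/8 counts as a listing, and the listings are rolled up into a per-network index. The zone names are placeholders (the article does not name lists), the scoring rule is this example's own assumption, and the sample answers are constructed so the script runs offline.

```python
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Optional

# Placeholder zone names: the article does not name specific DNSBLs, so these
# stand in for whatever lists an administrator selects after researching them.
DNSBL_ZONES = [
    "open-proxies.example.invalid",
    "spam-sources.example.invalid",
    "zombies.example.invalid",
]

Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the conventional DNSBL query name: reversed IPv4 octets under the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name: str) -> Optional[str]:
    """Look a name up with the system resolver; NXDOMAIN (or any failure) means 'not listed'."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_host(ip: str, zones: Iterable[str], resolve: Resolver = system_resolver) -> List[str]:
    """Return the zones in which ip is listed.

    A listing is only accepted when the answer lies in 127.0.0.0/8, the range
    DNSBLs use for positive replies; any other answer is treated as noise.
    """
    listed = []
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer is not None and answer.startswith("127."):
            listed.append(zone)
    return listed


def network_reputation(hosts: Iterable[str], zones: List[str],
                       resolve: Resolver = system_resolver) -> Dict[str, object]:
    """Score a set of hosts against the zones.

    The scoring rule is an assumption made for this example: the index is the
    fraction of hosts that appear in no list at all (1.0 means fully clean),
    and hits_per_zone shows which kind of problem dominates on the network.
    """
    hits_per_zone = {zone: 0 for zone in zones}
    checked = 0
    listed_hosts = 0
    for ip in hosts:
        checked += 1
        zones_hit = check_host(ip, zones, resolve)
        if zones_hit:
            listed_hosts += 1
        for zone in zones_hit:
            hits_per_zone[zone] += 1
    index = 1.0 if checked == 0 else 1.0 - listed_hosts / checked
    return {
        "hosts_checked": checked,
        "hosts_listed": listed_hosts,
        "hits_per_zone": hits_per_zone,
        "index": index,
    }


# Constructed sample data so the example runs offline (not real listings).
SAMPLE_HOSTS = ["192.0.2.10", "192.0.2.20", "192.0.2.30", "192.0.2.40"]
SAMPLE_ANSWERS = {
    dnsbl_query_name("192.0.2.10", "open-proxies.example.invalid"): "127.0.0.2",
    dnsbl_query_name("192.0.2.10", "spam-sources.example.invalid"): "127.0.0.2",
    dnsbl_query_name("192.0.2.20", "spam-sources.example.invalid"): "127.0.0.3",
    # A wildcard-style answer outside 127/8 must not count as a listing.
    dnsbl_query_name("192.0.2.40", "zombies.example.invalid"): "198.51.100.1",
}


def sample_resolver(name: str) -> Optional[str]:
    """Offline stand-in for system_resolver that serves the constructed answers."""
    return SAMPLE_ANSWERS.get(name)


if __name__ == "__main__":
    print(network_reputation(SAMPLE_HOSTS, DNSBL_ZONES, sample_resolver))
```

Against live lists, drop `sample_resolver` and let `network_reputation` use `system_resolver`; the 127/8 check matters there because a misconfigured or expired zone can answer with an address outside that range, which would otherwise inflate the index.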
The Lists
One of the first things to do is research the existing
DNSBLs.