To attack #2, "Script to publish feed list into Windows DNS", you'll most likely be using dnscmd in some capacity. You'll need to use some PowerShell cmdlets (like get-content and write-host for possible examples) to cut up the feed list into the bits of information that are pertinent to the creation of an A or CNAME record in your own DNS server. Then stick the pertinent information into variables for dnscmd to work with.

To attack #3, you would create records that misdirect people. So either A records that point to an IP address under your control (perhaps a web server you control that says "You've been blocked! Expect a call from HR lol!!1") or simply send people to 0.0.0.0.

A DNS-based Blackhole List (DNSBL) or Real-time Blackhole List (RBL) is a list of IP addresses published through the Internet Domain Name System (DNS) either as a zone file that can be used by DNS server software, or as a live DNS zone that can be queried in real-time. Another option is to CNAME the domains to a web server that you control.

Instead of building this out yourself, consider standing on the back of someone who has done much of this work for you: Windows DNS Server Sinkhole Domains Tool. That is a SANS Institute backed PowerShell script that manages DNS blacklists on a Windows DNS server.

As for reporting on the blockages, that's a little tougher since Windows DNS doesn't really have response-per-domain reports that I've found. There is a sister project called Windows HOSTS File Script To Block Bad Domains which, predictably, uses hosts files on local machines, which sounds icky but perhaps a GPO to push it out to your Windows clients could be used (as long as user permissions disallow any hosts file tampering and also assuming that your Active Directory controls all PCs that you want to use the blacklist for). What might be to your advantage would be to CNAME the blacklisted domains, and then use the faculties of the web server that you CNAME the blacklisted domains to as a means of checking up on who's doing what. You could theoretically deconstruct the incoming HTTP requests based on referring domain and source IP address and make quite the set of nifty reports. AWStats might even be of some out-of-the-box help.
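Putting steps #2 and #3 together, here is an added example that is not part of the original answer: a PowerShell script that cuts a (constructed) hosts-style feed into domain names and builds the dnscmd calls that sinkhole each one. It assumes it runs on the Windows DNS server with admin rights; the sample feed, the allowlist entry and the default $SinkholeIP are placeholders you would replace.

```powershell
# Added example, not the SANS tool or the original answer's code.
# Assumes: run locally on the Windows DNS server as an administrator.
param(
    [string]$SinkholeIP = '0.0.0.0',   # or the A record of a web server you control
    [switch]$Execute                   # without -Execute, only print the dnscmd calls
)

# Constructed sample feed; in practice use: $feed = Get-Content .\feed.txt -Raw
$feed = @"
# Sample blocklist feed (constructed for this example)
127.0.0.1 malware.example
0.0.0.0   tracker.example    # trailing comments are common in these feeds
bad-host.example
not_a_domain!!               # malformed line: must be rejected, never passed to dnscmd
"@

# Domains that must never be sinkholed (e.g. your own AD domain). Placeholder value.
$allowlist = @('corp.example')
# Strict hostname syntax so junk from the feed cannot reach the dnscmd command line.
$domainPattern = '^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'

$domains = $feed -split "`r?`n" |
    ForEach-Object { ($_ -split '#')[0].Trim() } |        # strip comments
    Where-Object   { $_ } |                                # drop blank lines
    ForEach-Object { ($_ -split '\s+')[-1].ToLower() } |   # last field is the domain
    Where-Object   { $_ -match $domainPattern -and $_ -notin $allowlist } |
    Sort-Object -Unique

foreach ($d in $domains) {
    # One primary zone per blocked domain; A records at the zone root and a
    # wildcard so both "tracker.example" and "cdn.tracker.example" hit the sinkhole.
    $calls = @(
        @('/ZoneAdd',   $d, '/Primary', '/file', "$($d).dns"),
        @('/RecordAdd', $d, '@', 'A', $SinkholeIP),
        @('/RecordAdd', $d, '*', 'A', $SinkholeIP)
    )
    foreach ($cmdArgs in $calls) {
        if ($Execute) { & dnscmd.exe @cmdArgs | Out-Null }
        else          { Write-Host "dnscmd $($cmdArgs -join ' ')" }
    }
}
```

Run it once without -Execute to review the generated commands (the malformed feed line and the allowlisted domain should be absent), then re-run with -Execute to publish the zones.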