-
November 29th, 2007, 02:31 AM
#1
BlackHole-DNS problems
FYI
For those that use files from bleedingthreats.net ( or bleedingthreats.com ) there seems to be a problem with the sites.
From The Bleeding-sigs Archives those names haven't been able to be resolved since 11/22/2007. ( a look-up indicates the domains were updated 10/21/2007 )
For now updates can apparently be found at The DNS-BH project
Anyone have more info on this ?
.
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
-
November 30th, 2007, 08:51 AM
#2
UPDATE
I have not seen this anywhere else!
Although there have been views, no one has posted, so I guess I will post to keep this alive, as I think it is very important !!!!!
For those that don’t realize, this also affects files from
http://www.bleedingsnort.com/blackhole-dns/files/
Many people run scripts that update their blackhole-dns, and do not realize the files are no longer there. ( checking logs, are we ???? )
The files ( updates ) were actually noticed missing since 11/20/2007.
The current conditions occurred shortly after this post, "I'm Leaving Bleeding Threats", by Matt Jonkman ( jonkman at jonkmans.com )
... After nearly 5 years as the founder and admin of Bleeding Edge Threats I must step out of the project. ...
Although I can think of a thousand reasons to leave after five years, I am still dumbfounded as to the reasons for the missing files / domains.
These problems may be corrected in the near future, but since it has been over 10 days with these files ( and domains ) effectively missing, I thought security minded individuals ( especially those utilizing open source options ) would want to know about this. ( No posts indicate no interest ??? )
Anyone here been affected?
Is this still a security orientated site, despite the lack of any recent substance?
.
Last edited by IKnowNot; November 30th, 2007 at 08:59 AM.
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
-
November 30th, 2007, 01:27 PM
#3
Hmmm,
The date of the last entry in the archives is 30 November 2007.
As for the other site:
Removed at Authors request
I guess there is some "reading between the lines" to be done here?
( No posts indicate no interest ??? )
Not necessarily, I guess it just means that nobody has any further information and are just awaiting developments.
This is an endemic weakness of open source projects........... if the driving force(s) leave suddenly, then there is frequently a hiatus whilst the community reorganises and regroups. The fewer the major players the greater the risk.
There also might be hosting problems in the short term?
Another possibility is that if he left without naming heirs there might be a bit of politicking going on behind the scenes?
I guess we will just have to wait and see
EDIT: I had a quick look and this is all I could find:
http://www.inliniac.net/blog/2007/11...ding-edge.html
There is a suggestion that he was pushed rather than jumped?
Last edited by nihil; November 30th, 2007 at 01:57 PM.
-
November 30th, 2007, 03:03 PM
#4
I also noticed the files were missing. I'm not using blackhole dns at this time but I was using the blackhole snort rules file. I did notice it was missing and reverted to a backup (11-16-07) and disabled the update from my update script. I was not receiving many hits from the blackhole rule anyway thanks to websense.
Last edited by phishphreek; November 30th, 2007 at 03:05 PM.
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
November 30th, 2007, 07:52 PM
#5
Being an amateur, I don't automatically update mine,
but I guess this does point out a weakness in open source,
at least for professionals who depend on this stuff.
I came in to the world with nothing. I still have most of it.
-
December 2nd, 2007, 03:27 AM
#6
I am the originator of the Black-Hole DNS Project which Matt Jonkman was kind enough to host.
I started the list as a way to give back to the open source community, especially bleedingsnort, as I extensively used their sigs but suck at writing my own.
With Matt leaving, I also lost the ability to update the list through CVS. Due to the uncertainty of the future of bleedingthreats, I made the decision to create a new domain for the dns-blacklist at malwaredomains.com.
Although this is now costing me money to host on my own, I also did not want to be immediately tied to a single vendor, especially one with which I did not have a prior relationship.
I know this would cause some problems for users, so I emailed the bleeding-sigs and other mailing lists about the new domain. I am now posting to as many boards as possible (such as this one).
Matt is actively working on his new projects, and we are actively working on keeping the professional relationship going. I hope his new projects will contain a sandbox where he can continue to feed the BH-DNS malware domain list with active domains.....
Regards
D Glosser
malwaredomains.com
-
December 2nd, 2007, 06:23 AM
#7
I saw that the new files are located @ http://www.malwaredomains.com/files/
At this time, I am not using the DNS files, but was using the snort rules. Are there any plans to keep updates of the snort rules? If not, can you make available the script to create the snort rules file?
BTW: I've been a big fan of the project for a while. I've recommended it to many people over the years. I use many layers in my approach to security and the blackhole dns solution was great. I just used the snort sigs to see which hosts may be infected. Luckily, I don't get many hits... but I love the rules. Even if they do use up huge amounts of memory....
Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
-
December 2nd, 2007, 02:04 PM
#8
SN has stated that they want to keep the project going and need a bit of time. They are active on the bleeding-sigs mailing list so you may want to post a question there. Thanks for being a fan of the dns-bh project. Another way to see if hosts are infected may be to change the loopback address in the file to an internal web server and check the logs.....
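The sinkhole idea in the post above, sketched as an added example that is not part of the original post or the DNS-BH project's code. It assumes a hosts-style blocklist, a placeholder sinkhole address of 10.0.0.53, and a web server log whose first two fields are the requested Host header and the client IP (for Apache, a LogFormat starting `%{Host}i %h`); all sample data is constructed.

```python
from collections import defaultdict

LOOPBACK = "127.0.0.1"
SINKHOLE_IP = "10.0.0.53"   # assumed address of the internal web server
KEEP_LOCAL = {"localhost", "localhost.localdomain"}  # never repoint these

# Constructed sample blocklist (hosts-style format is an assumption).
BLOCKLIST = """\
# constructed sample entries
127.0.0.1  localhost
127.0.0.1  bad-domain.example
127.0.0.1  Malware-Host.example   # trailing comment
"""

# Constructed sinkhole access log: Host header, client IP, time, request, status.
ACCESS_LOG = """\
bad-domain.example 192.168.1.23 [02/Dec/2007:14:10:01 +0000] "GET /index.html HTTP/1.0" 404
intranet.example 192.168.1.40 [02/Dec/2007:14:11:17 +0000] "GET / HTTP/1.1" 200
MALWARE-HOST.example:80 192.168.1.23 [02/Dec/2007:14:12:44 +0000] "POST /a HTTP/1.0" 404
bad-domain.example. 192.168.1.77 [02/Dec/2007:14:15:09 +0000] "GET /b HTTP/1.0" 404
"""

def normalize(host):
    """Lowercase a host name and drop any :port and trailing dot."""
    return host.lower().split(":")[0].rstrip(".")

def repoint(blocklist, sinkhole_ip=SINKHOLE_IP):
    """Return (rewritten file text, set of blackholed domains)."""
    out, domains = [], set()
    for line in blocklist.splitlines():
        fields = line.split("#")[0].split()
        if (len(fields) >= 2 and fields[0] == LOOPBACK
                and normalize(fields[1]) not in KEEP_LOCAL):
            domains.add(normalize(fields[1]))
            line = line.replace(LOOPBACK, sinkhole_ip, 1)
        out.append(line)
    return "\n".join(out) + "\n", domains

def sinkhole_hits(log_text, domains):
    """Map each client IP to the blackholed domains it requested."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and normalize(fields[0]) in domains:
            hits[fields[1]].add(normalize(fields[0]))
    return {ip: sorted(names) for ip, names in hits.items()}

if __name__ == "__main__":
    rewritten, domains = repoint(BLOCKLIST)
    print(rewritten)
    for ip, names in sorted(sinkhole_hits(ACCESS_LOG, domains).items()):
        print(ip, "requested", ", ".join(names))
```

Matching on the Host header rather than on the client alone keeps ordinary traffic to the same web server (the `intranet.example` line) out of the report.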
-
December 26th, 2007, 06:32 PM
#9
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes