Can anybody recommend a package/tool that will automatically block DNS requests to malware domains, C&C etc. based on some published list?
I see that some of the Adblock packages may allow this to work, but I would like to know if anybody is using something specific to malware.
Bobcat
October 2, 2020, 9:34am
2
There are malware-specific Adblock lists:
# DNS based ad/abuse domain blocking
## Description
A lot of people already use adblocker plugins within their desktop browsers, but what if you are using your (smart) phone, tablet, watch or any other (wlan) gadget!? Getting rid of annoying ads, trackers and other abuse sites (like facebook) is simple: block them with your router. When the DNS server on your router receives DNS requests, you will sort out queries that ask for the resource records of ad servers and return a simple 'NXDOMAIN'. This is nothing but a **N**on-e**X**istent Internet or Intranet domain name: if a domain name cannot be resolved by the DNS server, a condition called 'NXDOMAIN' occurs.
## Main Features
* Support of the following fully pre-configured domain blocklist sources (free for private usage, for commercial use please check their individual licenses)
| Source | Enabled | Size | Focus | Information |
| :------------------ | :-----: | :--- | :--------------- | :-------------------------------------------------------------------------------- |
| adaway | x | S | mobile | [Link](https://github.com/AdAway/adaway.github.io) |
| adguard | x | L | general | [Link](https://adguard.com) |
| anti_ad | | L | compilation | [Link](https://github.com/privacy-protection-tools/anti-AD/blob/master/README.md) |
| android_tracking | | S | tracking | [Link](https://github.com/Perflyst/PiHoleBlocklist) |
| andryou | | L | compilation | [Link](https://gitlab.com/andryou/block/-/blob/master/readme.md) |
| anudeep | | M | compilation | [Link](https://github.com/anudeepND/blacklist) |
| bitcoin | | S | mining | [Link](https://github.com/hoshsadiq/adblock-nocoin-list) |
| disconnect | x | S | general | [Link](https://disconnect.me) |
| energized_blugo | | XL | compilation | [Link](https://energized.pro) |
| energized_blu | | XL | compilation | [Link](https://energized.pro) |
2 Likes
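The mechanism the README describes, as an added example that is not adblock's own code and not part of the original post: a third-party blocklist is normalised into dnsmasq `local=/domain/` lines, which dnsmasq answers locally without forwarding, so unknown names under that domain return NXDOMAIN. It assumes the router's resolver is dnsmasq (the OpenWrt default); the function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example, not adblock's code. Turns a third-party blocklist into
# dnsmasq "local=/domain/" lines (answered locally, so NXDOMAIN).

# Constructed sample: hosts-format and plain-domain entries, mixed.
sample_list() {
    cat <<'EOF'
# constructed sample list
0.0.0.0 Tracker.Example.com
127.0.0.1 localhost
malware.example.net   # inline comment
tracker.example.com
0.0.0.0 bad.example.org/192.0.2.1
not a domain
xn--e1afmkfd.example.
EOF
}

# to_dnsmasq: blocklist on stdin, dnsmasq config on stdout.
to_dnsmasq() {
    tr -d '\r' | awk '
    {
        sub(/#.*/, "")                       # drop comments
        if (NF == 0) next
        # hosts format carries a sink address first; plain lists do not
        d = tolower(($1 ~ /^(0\.0\.0\.0|127\.0\.0\.1|::|::1)$/ && NF >= 2) ? $2 : $1)
        sub(/\.$/, "", d)                    # trailing root dot
        if (d == "localhost") next
        # The list is untrusted input written into resolver config:
        # accept only plain hostnames, so "/" or other characters
        # cannot change what the generated config line means.
        if (length(d) > 253 ||
            d !~ /^([a-z0-9_]([a-z0-9_-]*[a-z0-9_])?\.)+[a-z][a-z0-9-]*[a-z0-9]$/) {
            bad++; next
        }
        if (!(d in seen)) { seen[d] = 1; print "local=/" d "/" }
    }
    END { if (bad) print bad " invalid entries skipped" > "/dev/stderr" }'
}

# Stand-alone run over the constructed sample.
sample_list | to_dnsmasq
```

The count of skipped entries goes to stderr, so a sudden rise after a list update is visible without polluting the generated config.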
Thank you. I've gone with the adblock option plus Openflare DNS malware block. It seems many of the blocklists for malware that adblock is using are 6 months to 2 years old sadly.
Are you running the most recent version of OpenWrt/Adblock?
OpenWRT: 19.07.4
Adblock: 4.0.6
Seem fairly recent ....
Bobcat
October 3, 2020, 11:49am
7
Can you assist me with Openflare? I can't seem to find it and would like to consider it as well...
Apologies, I meant to write CloudFlare DNS. They offer a malware-only filtering address. Details are here:
1 Like
Bobcat
October 4, 2020, 3:42pm
9
Thanks, I didn't realize, but my secondary DNS 1.1.1.1 was already there. So now I configured primary and secondary as per below :
1.1.1.1 is a free Domain Name System (DNS) service by the American company Cloudflare in partnership with APNIC. The service functions as a recursive name server, providing domain name resolution for any host on the Internet. The service was announced on April 1, 2018. On November 11, 2018, Cloudflare announced a mobile application of their 1.1.1.1 service for Android and iOS. On September 25, 2019, Cloudflare released WARP, an upgraded version of their original 1.1.1.1 mob The 1....
Furthermore, I agree that the Adblock malware-specific lists seem quite obsolete, dating from over 2 years ago.
This leads to a false sense of security. A lot happens in a period of two years; this is like running unpatched for 2 years... Unthinkable!
Surely there must be a solution to this issue?
1 Like
The block lists I receive are up to date. This is why I didn't respond. Feel free to ask in the Adblock support thread if you disagree.
Bobcat
October 4, 2020, 4:41pm
11
I don't dispute that block lists in general are up to date, but if you follow the link I posted earlier, the 2 malware-specific links point to very obsolete lists. Am I wrong in that assessment?
1 Like
dibdot
October 4, 2020, 4:59pm
12
The two list sources with "malware" in their names have the following time stamps:
I can't see any issue here. That said, just use other lists/sources if you are not satisfied with the selection or the update frequency. Most of the "general" lists also include malware sites - it's up to you to find the "best" sources, derived from your personal surfing behaviour.
2 Likes
You are not wrong. Some of the lists are over 2 years old, especially the malware ones. Even the one dibdot pointed to is 10 months old. In the world of rapidly moving malware I think this is going to give some protection but certainly to offer protection from the latest malware campaigns.
Perhaps the block list approach is not right for that kind of protection. As with all things security, it's best provided with multiple layers.
2 Likes