We are making available our first IPv6 feed – the v6 full bogons – as a technology demonstration. It uses the exact same DNS distribution method as our standard IPv4 lists and thus demonstrates clearly that our mechanism is IPv6 compliant.
ThreatSTOP has improved our botnet block list by adding a number of C&C servers and DNS servers for botnets that have been taken down by law enforcement. This includes the Conficker C&C sinkhole servers (see http://www.confickerworkinggroup.org/wiki/) and the IP addresses that the DNS Changer botnet used as DNS servers when redirecting DNS on infected computers (see http://dcwg.org). These have been added to both the botnets feed and the respective expert mode feeds, sinkhole and DNS changer. We have added these feeds as a service to our subscribers to help them identify computers on their networks that are still infected by these forms of malware: blocking these addresses on the NAT device makes it easy to identify the infected internal host from its IP address. The "research" popup for a DNS Changer IP address looks like this:
In another showcase for the ThreatSTOP + Juniper SRX solution, the University of Baltimore has deployed it to protect itself and 6,400 students against botnets and malware. UB needed to solve 4 related problems: