
CATEGORY ARCHIVES: dns

Next Gen IP Firewall Reporting Video - Check it out!


DNS Capabilities in Windows Server 2016: DNS Firewall and more

Click here to read Senior Program Manager for Microsoft Dynamics, SDN, & DNS, Kumar Ashutosh’s technical summary of the DNS Capabilities available in Windows Server 2016 including DNS Policies, Response Rate Limiting (RRL), DANE Support, Unknown Record Types, IPv6 root hints, DNS Server on Nano and ThreatSTOP’s partnership to provide DNS Firewall security to block malicious domain access.


Criminals don't follow the rules

If you are a criminal and trying to steal things then breaking the law in other ways is unlikely to concern you. To me such a statement seems obvious, but apparently it isn’t – and I’m not just talking about cyber-criminals here.


ThreatSTOP and IPv6

Since the Internet is nearly out of IPv4 addresses, people are finally getting serious about using IPv6. As people start deploying IPv6 we will find new bugs and loopholes that crooks can exploit. Holes like this one mean that a bot on a network could act as the "man in the middle" for everyone else nearby.


ThreatSTOP blocks new Waledac/Storm worm DNS

This is a follow-up to the previous post where we noted the emergence of a new 'conficker'-like threat. Thanks to research by our colleagues at Shadowserver, it looks like the threat is actually more closely related to the Waledac/Storm worm malware than to Conficker; however, that does not stop us from blocking it.


ThreatSTOP blocking possible Conficker variant

Over the last couple of days we've seen an increasing number of outbound DNS queries to IP addresses on our block lists - principally to ones on the DShield 4000. Since the destination servers are frequently in China and the subscribers have little to do with China, this looks unlikely to be genuine traffic. It is, however, somewhat suggestive of Conficker and other similar fastflux DNS malware which "call home" via a DNS lookup to some randomly generated subdomain of an otherwise apparently genuine domain. The DNS lookup resolves (usually) to a fastflux intermediary that communicates with the botmaster. The DNS server itself is generally not 'bad' per se, but it will be under the control of the cyber crooks because they have to feed it the zone changes so frequently, and this level of activity would raise a flag in any legitimate DNS hosting service.


The Mutation of ZeuS

Researchers at TrendMicro - and elsewhere - have identified changes to the infamous ZeuS trojan and how it is propagated. The new method involves another piece of malware named Licat, which uses techniques pioneered by the "conficker" worm to try to contact its Command and Control hosts. When Licat successfully finds a C&C host it downloads a new variant of ZeuS from it.


ThreatSTOP GA Announcement

It's been a long road, with some detours along the way, but we have finally made it! ThreatSTOP release 1.0 is out.


ThreatSTOP Features at GA

ThreatSTOP supports a wide range of commonly deployed firewalls and provides a number of additional features such as firewall log processing with graphical reporting and secure, reliable DNS.


ThreatSTOP Servers and Contact Details

To better support our customers we have made improvements to our servers, doubled our staff, added an office in Europe, and have a new PBX and phone numbers.
