Practical audit advice you can use today.
# 20: DNS Sinkhole for Malware Defense and Policy Enforcement
BIND is usually the go-to DNS server if you're looking to set up a DNS sinkhole to contain and identify malware. While I love BIND as much as the next guy, I find it a real pain in the neck to get everything set up just right, and the maintenance involved in adding a new authoritative zone for each domain you want to sinkhole is more than I'm willing to do.
As a solution to this, I've revived a tool that I wrote more than a decade ago for Internet usage policy enforcement. As it turns out, it was already a DNS sinkhole; I just never called it one!
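The core of what such a tool does, answering queries for blocked names with an address you control so infected hosts reveal themselves when they try to resolve them, as an added Python example that is not the author's tool or a BIND configuration (the blocklist entries, the 10.0.0.53 sinkhole address and the helper names are assumptions):

```python
import socket
import struct

# Constructed sample blocklist; a deployment would load this from a file.
BLOCKLIST = {"evil.example", "c2.example"}
SINKHOLE_IP = "10.0.0.53"  # assumed address of the host that collects sinkholed connections
QTYPE_A = 1

def parse_question(packet: bytes):
    """Return (txid, qname, qtype, end_of_question) from a raw DNS query packet."""
    txid, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12  # question follows the 12-byte header
    while True:
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointers never appear in a client's qname
            raise ValueError("compressed qname in query")
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    qtype, _qclass = struct.unpack("!HH", packet[pos:pos + 4])
    return txid, ".".join(labels).lower(), qtype, pos + 4

def is_blocked(qname: str, blocklist=BLOCKLIST) -> bool:
    """Match the name or any parent domain, so sub.evil.example is caught too."""
    parts = qname.split(".")
    return any(".".join(parts[i:]) in blocklist for i in range(len(parts)))

def sinkhole_response(packet: bytes, sinkhole_ip=SINKHOLE_IP, ttl=60):
    """Forged A answer for a blocked name, or None so the caller forwards upstream."""
    txid, qname, qtype, qend = parse_question(packet)
    if not is_blocked(qname):
        return None
    # QR=1, RD=1, RA=1, NOERROR; a non-A query for a blocked name gets an empty answer
    ancount = 1 if qtype == QTYPE_A else 0
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, ancount, 0, 0)
    answer = b""
    if qtype == QTYPE_A:  # name is a pointer to offset 12 (the question's qname)
        answer = struct.pack("!HHHIH", 0xC00C, QTYPE_A, 1, ttl, 4) + socket.inet_aton(sinkhole_ip)
    return header + packet[12:qend] + answer

def build_query(qname: str, txid=0x1234, qtype=QTYPE_A) -> bytes:
    """Minimal client query, constructed here as test input in place of a real stub resolver."""
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + name + struct.pack("!HH", qtype, 1)
```

The short TTL keeps clients re-asking, so every lookup of a blocked name shows up again as a log line with the querying host's address, which is the detection value of a sinkhole.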
Watch the episode for a demonstration and discussion, and check out the blog article for more information and the source code: http://it-audit.sans.org/blog/2011/11/02/dns-sinkhole-for-malware-defense-and-policy-enforcement/
© 2011, David Hoelzer & EnclaveForensics