[Emerging-Sigs] Spyware DNS rules
Jack Pepper
pepperjack at afferentsecurity.com
Tue Feb 19 23:32:47 EST 2008
Since I was the original author of the program that generated the
spyware-dns rules on BT, I think this is a good time to rewrite it.
There were several things I never liked about the old spyware-dns
ruleset.
I have put the ruleset on my personal site at:
http://www.autoshun.org/downloads/bhdns.rules
These rules are automatically generated once per day from the domains
list at the Blackhole DNS project ( http://www.malwaredomains.com ).
Matt: We have a bit of a problem with the SID allocation. The sid
allocation sets aside 10000 sids for bhdns rules, but there are 17000+
domains in the bhdns list.
I have started counting from 2410001 which takes us up through
sid=2427300. How do you want to handle this? I can regenerate the
list to fit whatever range you think is good. Let me know.
David: I did not put a license statement on the ruleset. I was going
to release under the BSD license, but I wasn't sure what kind of
license you intended for the domains.txt file (since that is the
source file for all the content). The spyware dns ruleset feels like
a derivative work to me, so are you OK with putting the BSD license on
the ruleset?
jp
--
Framework? I don't need no steenking framework!
----------------------------------------------------------------
@fferent Security Labs: Isolate/Insulate/Innovate
http://www.afferentsecurity.com
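The generation step and the sid budget discussed in this message, as an added Python example; it is not the author's generator and not taken from the bhdns ruleset. The rule layout, the `msg` text, the one-domain-per-line feed format and the names `normalize`, `dns_wire_name` and `build_rules` are assumptions; only the sid start and the 10000-sid reservation come from the post.

```python
import re

SID_START = 2410001    # first sid used in the post
SID_RESERVED = 10000   # sids set aside for bhdns rules, per the post
# Constructed sample feed; one domain per line with '#' comments is assumed.
SAMPLE = ["# constructed sample", "Example.com", "bad-host.example.net.",
          "example.com", 'evil";sid:1']
LABEL = re.compile(r"^[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?$")

def normalize(entry):
    """Lower-case a feed entry and reject anything that is not a plain hostname."""
    name = entry.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.match(l) for l in labels):
        raise ValueError("not a usable domain: %r" % entry)
    return name

def dns_wire_name(name):
    """Encode a name as length-prefixed DNS labels in Snort content syntax."""
    return "".join("|%02X|%s" % (len(l), l) for l in name.split(".")) + "|00|"

def build_rules(lines, sid_start=SID_START, reserved=SID_RESERVED):
    """Return (rules, skipped, overflow) for an iterable of feed lines."""
    seen, rules, skipped = set(), [], []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            name = normalize(entry)
        except ValueError:
            skipped.append(entry)   # never copy unvalidated text into a rule
            continue
        if name in seen:
            continue
        seen.add(name)
        rules.append(
            'alert udp $HOME_NET any -> any 53 (msg:"BHDNS query for %s"; '
            'content:"|01 00 00 01 00 00 00 00 00 00|"; depth:10; offset:2; '
            'content:"%s"; nocase; distance:0; classtype:trojan-activity; '
            'sid:%d; rev:1;)' % (name, dns_wire_name(name), sid_start + len(rules)))
    # overflow = how many rules fall outside the reserved sid block
    return rules, skipped, max(0, len(rules) - reserved)

if __name__ == "__main__":
    rules, skipped, overflow = build_rules(SAMPLE)
    print("\n".join(rules))
    print("skipped=%r overflow=%d" % (skipped, overflow))
```

A non-zero overflow means the feed has outgrown the reserved sid block, which is the situation the message describes; the skipped list shows feed entries that were kept out of the rule text because they are not plain hostnames.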