Who needs .info/.biz, anyway?
To quote the people from Sans.org:
Who needs .info/.biz, anyway?
I blocked access to the *.info and *.biz TLDs at my WatchGuard firewall 4 months ago. I had to add 5 *.info domains to a whitelist, but I got so much in return.
In my blog about the 0-day WMF exploit I recommend the blocking of beehappyy.biz. Guess what showed up in my logs as being blocked by the 'block all *.biz websites' rule?
That's right, beehappyy.biz.
I am glad I did not have to clean that mess up :o)
Also want to block the *.biz and *.info TLDs?
Go to the 'URL Path' function of your HTTP-Proxy and add '*.biz' and '*.info' as pattern matches. You can first set the rules to allow and log, to see if this will work for your network.
I also block the *.ru TLD, but I am not going to recommend that because I think that is personal taste.
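For the "allow and log" trial period described above, the following added example (not part of the original post and not WatchGuard tooling) tallies which .biz/.info domains the rule would have blocked, so whitelist candidates are visible before enforcement. The log layout, the sample lines, the `ALLOWLIST` entry and the function names are all assumptions made for illustration.

```python
from collections import Counter
from urllib.parse import urlsplit

BLOCKED_TLDS = {"biz", "info"}   # the two TLDs from the post
ALLOWLIST = {"example.info"}     # hypothetical whitelisted domain

# Constructed sample lines. The "time client url" layout is an assumption,
# not WatchGuard's actual log format.
SAMPLE_LOG = """\
2006-01-05T09:12:01 10.0.0.21 http://beehappyy.biz/
2006-01-05T09:12:07 10.0.0.21 http://beehappyy.biz/
2006-01-05T09:13:40 10.0.0.35 http://www.example.info/docs/index.html
2006-01-05T09:14:02 10.0.0.35 http://supplier.example.org/price.info
2006-01-05T09:15:19 10.0.0.44 http://Tracker.Example.BIZ./pixel.gif
2006-01-05T09:16:00 10.0.0.44 not-a-url
"""

def host_of(url):
    """Return the lower-cased hostname without a trailing dot, or None."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".").lower() if host else None

def audit(log_text, tlds=BLOCKED_TLDS, allow=ALLOWLIST):
    """Count hits per domain that a TLD block would stop or the whitelist would pass."""
    would_block, allowed = Counter(), Counter()
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                      # skip lines that do not fit the assumed layout
        host = host_of(parts[2])
        if not host or "." not in host:
            continue                      # unparseable URL or bare hostname
        labels = host.split(".")
        if labels[-1] not in tlds:
            continue                      # judge the hostname's TLD, not the URL's file extension
        # Simplification: treat the last two labels as the registered domain.
        domain = ".".join(labels[-2:])
        (allowed if domain in allow else would_block)[domain] += 1
    return would_block, allowed

if __name__ == "__main__":
    blocked, passed = audit(SAMPLE_LOG)
    for name, hits in blocked.most_common():
        print(f"would block  {hits:3d}  {name}")
    for name, hits in passed.most_common():
        print(f"whitelisted  {hits:3d}  {name}")
```

Domains with many hits from many clients in the "would block" list are the ones to review for the whitelist before switching the rule from allow to deny.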