
Infoblox
DNS Firewall
How does APT malware use DNS?

What is Infoblox DNS Firewall

How the Infoblox DNS Firewall Works

7 Malware Data Feeds
Three feeds consist of malicious domains and IP addresses
Feed name | Detail |
---|---|
cnc.rpz.infoblox.local | Includes known botnet C&C domains/IPs and nameservers used only by bots and malicious entities. It covers not only active botnets but also resources that have been taken down by law enforcement or security researchers (such as Conficker). |
cnc-driveby.rpz.infoblox.local | In addition to the above, includes known malware delivery sites (IPs/domains/nameservers) and locations that infect computers visiting them. Also includes networks and autonomous systems on "Do not Route Or Peer" (DROP) lists. |
malware.rpz.infoblox.local | |
The remaining four feeds consist of “malware.rpz.infoblox.local” and global address data for specific regions
Feed name | Detail |
---|---|
malware-prc.rpz.infoblox.local | Includes the malware data feed and Chinese IP subnets, ccTLD domains and nameservers. |
malware-ee.rpz.infoblox.local | Includes the malware data feed and IP subnets, ccTLD domains and nameservers for Eastern European countries (Russia, Ukraine, Latvia, Moldova, Romania) from which major malware originates. |
malware-prc-ee.rpz.infoblox.local | |
malware-sanction.rpz.infoblox.local | Includes the malware data feed and IP subnets, ccTLD domains and nameservers from countries on the US government's Office of Foreign Assets Control (OFAC) and International Traffic in Arms Regulations (ITAR) export control lists. Countries currently included are: Afghanistan, Belarus, Myanmar, China, Côte d'Ivoire, Cuba, Cyprus, Congo, Eritrea, Haiti, Iran, Iraq, Lebanon, Liberia, Libya, North Korea, Sierra Leone, Somalia, Sri Lanka, Sudan, Syria, Venezuela, Vietnam, Yemen, Zimbabwe. |