Infoblox DNS Firewall - Security Business -Macnica

Security business menu

Security business
HOME

To be elected
cause

Service

Handling Manufacturer

Examples/reports/
Blog/Glossary

Seminar/
video on demand

TOP

Products/Services

product
service
- Diagnosis of DDoS attack by looking at DNS
- Diagnosis of targeted attacks seen in DNS

Specifications/Technical Information

Specifications/Technical Information

solution

solution
- Targeted attack countermeasures with Infoblox and FireEye
- DNS security

User stories

support

- Macnica Support

Seminar content

Evaluation machine application/FAQ

Application for evaluation machine
- Infoblox evaluation machine application

Document request

inquiry

Event/Seminar

video on demand

Infoblox

infoblocks

DNS Firewall

How does APT malware use DNS?

What is Infoblox DNS Firewall

How the Infoblox DNS Firewall Works

7 Malware Data Feeds

Three feeds consist of malicious domains and IP addresses

feed name

detail

cnc.rpz.infoblox.local

Includes known botnet C&C domains/IPs and nameservers used only by Box and malicious entries. Furthermore, it includes not only active botnets, but also resources that have been taken down by law or security researchers (such as conficker).

cnc-driveby.rpz.infoblox.local

In addition to the above, it includes known malware delivery sites (IP/domain/nameservers) and locations to infect computers they visit. Including networks and automated systems for “Do not Route Or Peer” (DROP) lists.

malware.rpz.infoblox.local

A comprehensive list of malware hosts/domains/nameservers. In addition to the above, including active phishing sites and other threats.

The remaining four feeds consist of “malware.rpz.infoblox.local” and global address data for specific regions

feed name

detail

malware-prc.rpz.infoblox.local

Includes malware data feeds and Chinese IP subnets, ccTLD domains and nameservers.

malware-ee.rpz.infoblox.local

Includes IP subnets, ccTLD domains and nameservers for malware data feeds and Eastern European countries (Russia, Ukraine, Latvia, Moldova, Romania) from which major malware originates.

malware-prc-ee.rpz.infoblox.local

Includes malware data feeds and IP subnets, ccTLD domains and nameservers for China and Eastern European countries of major malware origin (Russia, Ukraine, Latvia, Moldova, Romania).

malware-sanction.rpz.infoblox.local

Includes malware data feeds and IP subnets, ccTLD domains and nameservers from countries on the US government's Office of Foreign Assets Control (OFAC) and International Traffic in Arms Regulations (ITAR) export control lists.

Countries currently included are:
Afghanistan, Belarus, Myanmar, China, Côte d'Ivoire, Cuba, Cyprus, Congo, Eritrea, Haiti, Iran, Iraq, Lebanon, Liberia, Libya, North Korea, Sierra Leone, Somalia, Sri Lanka, Sudan, Syria, Venezuela, Vietnam, Yemen, Zimbabwe

Inquiry/Document request

Macnica Infoblox

inquiry Document request

TEL：045-476-2010
E-mail：infoblox-sales@macnica.co.jp

Mon-Fri 8:45-17:30