block entire TLD (.info)

**speciall** · 04-30-2008, 12:27 AM

Hello,
We have an issue with a suer that has an MSN virus and is sending links to everyone.
These links are always with the .info domain.
As a temporary measure I want to block the entire .info in via the untangle 5.0 box,
I can Block websites and URL's but I don't find where I can block an entire .info domain

**mdh** · 04-30-2008, 12:45 AM

Is it your user or an external one? That's not clear from what you wrote.

**speciall** · 04-30-2008, 04:22 AM

Well, The user is sometimes external via a OpenVPN that is running on the untangle BOX. At the external location she is not protected by any firewall or filter. I think she picked up the virus when working external.

Of the other internal users, 3 to 4 people of the 15 where sending the msn links to others (they are protected by untangle) but that seems to be under control for now.

All the links are to:
MSN_usernmame.very-coolstuff.info
MSN_usernmame.very-awesomestuuf.info
MSN_usernmame.very-myfriendz.info
and so on,

so as a temporary measure I want to block the complete .info domain for the internal users , so when they click the link, the traffic to these sites will be blocked.

**Silver Bullet** · 04-30-2008, 06:32 AM

I know this isn't the solution you were asking for but, rather, my opinion.

If it were my network and her laptop was infected, it would get disconnected from the network immediately and stay off until it was cleaned. If that means that they can't be productive until I can get to it, then they will be more mindful before being non-productive.

Now, for you question.

I don't think you can block an entire TLD. You can try but not sure it will work.

**sky-knight** · 04-30-2008, 08:20 AM

I just did a test block of .com with the URL blocker and it doesn't work. Just as soon as I put a domain on it ie: microsoft.com the filter engages. That seems a little arbitrary for the filter to not accept the tld. It is just a simple pattern match why require more name to match?

Then again this sort of thing is a bit of a step backwards from the goals of UT.

**mdh** · 04-30-2008, 09:48 AM

I think I agree with Silver Bullet here. Sometimes a elegant software solution to a unusual problem is really cool, but there's nothing like policy & procedure to get the point across to people that they cost the company $x in lost productivity, $x to fix the problem, $x to add extra security measures as a result of their messing around. By the way, do you have AV/security protection on the affected computers? Compared to potential risk, that doesn't cost near as much.

Thread: block entire TLD (.info)

LinkBack

Thread Tools

block entire TLD (.info)

Posting Permissions