Results 1 to 6 of 6
  1. #1
    Untanglit
    Join Date
    Oct 2007
    Posts
    27

    Default block entire TLD (.info)

    Hello,
    We have an issue with a suer that has an MSN virus and is sending links to everyone.
    These links are always with the .info domain.
    As a temporary measure I want to block the entire .info in via the untangle 5.0 box,
    I can Block websites and URL's but I don't find where I can block an entire .info domain

  2. #2
    mdh
    mdh is offline
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,752

    Default

    Is it your user or an external one? That's not clear from what you wrote.

  3. #3
    Untanglit
    Join Date
    Oct 2007
    Posts
    27

    Default

    Well, The user is sometimes external via a OpenVPN that is running on the untangle BOX. At the external location she is not protected by any firewall or filter. I think she picked up the virus when working external.

    Of the other internal users, 3 to 4 people of the 15 where sending the msn links to others (they are protected by untangle) but that seems to be under control for now.

    All the links are to:
    MSN_usernmame.very-coolstuff.info
    MSN_usernmame.very-awesomestuuf.info
    MSN_usernmame.very-myfriendz.info
    and so on,

    so as a temporary measure I want to block the complete .info domain for the internal users , so when they click the link, the traffic to these sites will be blocked.

  4. #4
    Untangle Ninja Silver Bullet's Avatar
    Join Date
    Sep 2007
    Posts
    1,946

    Default

    I know this isn't the solution you were asking for but, rather, my opinion.

    If it were my network and her laptop was infected, it would get disconnected from the network immediately and stay off until it was cleaned. If that means that they can't be productive until I can get to it, then they will be more mindful before being non-productive.

    Now, for you question.

    I don't think you can block an entire TLD. You can try but not sure it will work.

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,490

    Default

    I just did a test block of .com with the URL blocker and it doesn't work. Just as soon as I put a domain on it ie: microsoft.com the filter engages. That seems a little arbitrary for the filter to not accept the tld. It is just a simple pattern match why require more name to match?

    Then again this sort of thing is a bit of a step backwards from the goals of UT.

  6. #6
    mdh
    mdh is offline
    Untangle Ninja mdh's Avatar
    Join Date
    Aug 2007
    Posts
    4,752

    Default

    I think I agree with Silver Bullet here. Sometimes a elegant software solution to a unusual problem is really cool, but there's nothing like policy & procedure to get the point across to people that they cost the company $x in lost productivity, $x to fix the problem, $x to add extra security measures as a result of their messing around. By the way, do you have AV/security protection on the affected computers? Compared to potential risk, that doesn't cost near as much.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2