Any way to use Norton DNS to block countries like in Opendns?

Discussion in 'other anti-malware software' started by GrammatonCleric, Sep 13, 2011.

Thread Status:
Not open for further replies.
  1. GrammatonCleric
    Offline

    GrammatonCleric Registered Member

    I know that in Open DNS I can block the whole country domain suffixes i.e. .uk .cz .ca etc.
    Is there a way to do the same with Norton DNS?

    Mainly because I never receive any e-mail from .cz nor I have the understanding of a language that most of the foreign websites employ so no interest in visiting them (yeah I know ignorant American). By blocking those domains I reduce the drive by attack surface so there is a logic behind that.

    I know that Online Armor can block countries but I would rather employ a whole house solution (DNS IP in a ROUTER) then a per pc basis since not every pc in my houses uses the same protection.
  2. funkydude
    Offline

    funkydude Registered Member

    No.

    FYI, blocking country level TLDs wouldn't stop you getting emails. If they really wanted to infect you they could link you to IPs via the email/website and avoid the DNS lookup altogether.

    The only thing you're avoiding by blocking country TLDs is stumbling across an infected site. Using OA is probably the better solution, but even then, what will that do to stop you getting infected by the thousands of non-eastern websites hacked every day? I suggest you just let Norton do that job.
  3. RJK3
    Offline

    RJK3 Registered Member

    If your router supports it, you potentially could block certain IP ranges. It's not a bad idea to block certain countries, as long as it doesn't cost you anything in terms of convenience or speed.

    Main way to reduce attack surface is to remove vulnerable applications from the PCs, namely Java and old versions of Adobe Reader. Also to keep the browsers and OS up to date.

    Java is the most exploited application when it comes to exploit kits, so it really should go unless there's an irreplaceable need for it:
    http://labs.m86security.com/wp-content/uploads/2011/06/Statistics.png
    http://labs.m86security.com/wp-content/uploads/2011/05/panel1.png

    On PCs that don't browse behind a sandbox or have an effective way to mitigate an exploit, then I'd suggest you also remove PDF plugins from browsers altogether.

    Alternatively Peerblock has country/continent based blocklists, but the drawback is that it takes resources to run. I once considered using Peerblock to block China, considering all the port scanning that originates there :p

    You could also add domains to be blocked by Adblock. IE9 supports Fanboy's TPL, but I'm not 100% on precisely what is blocked.
  4. RJK3
    Offline

    RJK3 Registered Member

    Often the infected iframes on hacked Western sites will point to malware servers in Eastern Europe. It's also true that just as many will point to malware servers ending in .com as well. Still, if a country block doesn't negatively affect performance or convenience - and if it can be easily implemented - then it's worthwhile.

    OTOH if the OP can't find an easy way to do it, then I agree that it'll be easier to rely on Norton DNS (as well as other easy steps like removing Java).
  5. GrammatonCleric
    Offline

    GrammatonCleric Registered Member

    Also I am wondering about the Norton DNS option to block the "uncategorized websites" I wonder if that might thwart some newly created malware sites?
    Anyone has any problems with that checked and browsing "regular web"?
Thread Status:
Not open for further replies.