Norton DNS test

I was making some tests in a relative's laptop, running Windows 7 Ultimate SP1. When ClearCloud DNS, by Sunbelt, ceased to exist, I configured my relative's connection device to use Norton DNS IP addresses. I did some tests, to make sure it was blocking, and it was.

Sometime ago, Symantec made changes to Norton DNS, and to block phishing websites, one had to use other set of IP addresses, namely Preferred DNS: 198.153.192.40 and Alternate DNS: 198.153.194.40.

-https://dns.norton.com/dnsweb/huConfigurePc.do

Norton DNS gets its data from Norton SafeWeb -https://dns.norton.com/dnsweb/faq.do

Norton ConnectSafe leverages the Norton Safe Web database. Safe Web contains information on millions of sites and it is queried billions of times each day. Norton ConnectSafe is updated every few minutes with the latest site rating information.

They now call Norton DNS, Norton ConnectSafe, by the way. Anyway, apparently, Norton DNS/ConnectSafe will be updated every few minutes.

To my surprise, I thought I had change my relative's configuration to use the IPs I mentioned above, but it was still running the old IP addresses. I had forgotten to modify them.

So, I altered the IPs, and then rebootd the laptop. I tested Norton DNS with the following domain, which is flagged as being a phishing domain by SafeWeb -https://safeweb.norton.com/report/show?url=omgclothes.com.au

Norton DNS did not block access to it. Considering that the FAQ page mentions "every few minutes", I waited like 10 minutes. It still wasn't blocking it. 10 minutes is a long time, isn't it? It's more than enough for someone to fall for such fraudulent schemes.

Unfortunately, when I tried to access -https://safeweb.norton.com/buzz where one can see more malicious/fradulent websites, I kept getting redirect to the main page, in Google Chrome. If using Internet Explorer 9 I'd remain in that page, but I'd only see the contents of the main page. So, I couldn't test more. If I had to manually verify individual domains, by getting them from third-parties, it would probably take me more time. Time I couldn't waste.

Now, that I'm on my laptop, using Chromium, I can access it (-https://safeweb.norton.com/buzz)... Odd.

Anyway, is anyone running Norton DNS, using the above IP addresses? Can you access -https://safeweb.norton.com/report/show?url=omgclothes.com.au. Please, make sure you're not testing it in a production system/unprotected system.

I'm wondering if there are any problems with Norton DNS? I'm running OpenDNS myself.

 

Source:
https://safeweb.norton.com/report/show?url=omgclothes.com.au


No problems accessing any of the hyperlinks you requested trying.
Tested with both Microsoft Internet Explorer and SRWare IronPortable.
The Web Site: "omgclothes.com.au" appears to be under construction according to the Web Sites Home Page.
Symantec Norton DNS/ConnectSafe rates the Web Site "omgclothes.com.au" as: "Yellow or Caution".
According to Symantecs' Quote above, Web Sites rated "Caution" are not blocked recommending to "Proceed with caution".


Tested all three of Symantec Norton DNS/ConnectSafe security policies in both Web Browsers, SRWare IronPortable and
Microsoft Internet Explorer for the Web Site: "omgclothes.com.au". All three of Symantec Norton DNS/ConnectSafe
security policies using both Web Browsers displayed all requested hyperlinks and the Web Site: "omgclothes.com.au".

Symantec Norton ConnectSafe for Home Security Policies
01] A - Security (malware, phishing sites and scam sites) DNS Servers = 198.153.192.40 and 198.153.194.40
02] B - Security + Pornography DNS Servers = 198.153.192.50 and 198.153.194.50
03] C - Security + Pornography + Non-Family Friendly DNS Servers = 198.153.192.60 and 198.153.194.60

Source:
https://dns.norton.com/dnsweb/huConfigurePc.do


McAfee Online SiteAdvisor Results for: omgclothes.com.au
http://www.siteadvisor.com/sites/omgclothes.com.au


HKEY1952

 

It does flag it as being as phishing website, and the IPs 198.153.192.40 and 198.153.194.40 are meant to block access to phishing websites as well.

And, what you quoted from Norton SafeWeb...

... wouldn't have to necessarily apply Norton DNS, IMO. It should block it. Norton DNS always gives the option to bypass the block, so why not block it?

Phishtank does report the domain mentioned as being a phishing domain. -https://www.phishtank.com/phish_detail.php?phish_id=1405526

-http://www.urlvoid.com/scan/omgclothes.com.au
-https://www.mywot.com/en/scorecard/omgclothes.com.au

BitDefender TrafficLight also flags it.

 

I agree m00nbl00d, the Web Site "omgclothes.com.au" is flagged as being an phishing site, and the:
01] A - Security (malware, phishing sites and scam sites) DNS Servers = 198.153.192.40 and 198.153.194.40
are indeed meant to block access to phishing Web Sites.

I only ran the tests and Posted the results, and questioned those results myself.

I am still scratching my head because the strickest network for Symantec Norton DNS/ConnectSafe is the:
03] C - Security + Pornography + Non-Family Friendly DNS Servers = 198.153.192.60 and 198.153.194.60 and it did not
block the Web Site.


HKEY1952

 

Can you access --https://safeweb.norton.com/buzz ?

If you can, you may find a few phishind domains, but will for certain find malicious domains. I wonder if it will block them?

I'd test it myself, but that would mean making changes in my device, and create individual DNS rules for it. And, if you're running it already... I think you are, anyway.

-edit-

This page reports a phishing domain, but gives it a red warning -https://safeweb.norton.com/report/show?name=gft6.com

 

I have the results m00nbl00d, give me some time to create the Post.

[Post completed]

01] Can you access --https://safeweb.norton.com/buzz ?
Yes, I can access --https://safeweb.norton.com/buzz

02] If you can, you may find a few phishind domains, but will for certain find malicious domains.
I wonder if it will block them?
Yes, Symantec Norton DNS/ConnectSafe blockes listed phishing and malicious domains.

03] I'd test it myself, but that would mean making changes in my device, and create individual DNS rules for it.
And, if you're running it already... I think you are, anyway.
Yes, My security setup gives me the freedom to roam the World Wide Web in an relaxed peaceful secure state,
and is flexible.

04] This page reports a phishing domain, but gives it a red warning -https://safeweb.norton.com/report/show?
name=gft6.com




EDIT: completeness


HKEY1952

 

So... it makes me believe that Norton DNS will only block domain names that are rated with a WARNING @ -https://safeweb.norton.com... But, it won't block access to domains rated with a CAUTION.

That's stupid. Because, if they flag the domain name with a CAUTION rate as being a phishing one, then it should be blocked.

Actually, any suspicious domain should be blocked. The user can always access it.

Not sure I understand this behavior. This means that if anyone were to access the website mentioned here -https://safeweb.norton.com/report/show?url=omgclothes.com.au, and that I previously made a reference to, then the unsuspected user will be a victim of a phishing "attack". Other sources also pointed it as being a phishing domain.

Anyway... thanks.

 

Exactly, and did you notice in the screenshot the word Beta for the Button "Continue to Site"?

That screenshot was taken while using:
03] C - Security + Pornography + Non-Family Friendly DNS Servers = 198.153.192.60 and 198.153.194.60

That must be recent because both Buttons never existed in the Family Package before.
The only choices were to close the Web Browser
Type in another address in the address bar
Or click on an Favorites link

There was no way to enter the blocked domain once it was blocked.
Now it looks like an minor can click on "Continue to Site"

I give up, back to OpenDNS


EDIT: spelling/grammar


HKEY1952