
Opened 4 weeks ago

Closed 4 weeks ago

#149 closed FalseNegative (fixed)

rj.gov.br

Reported by: AnonymousPoster Owned by:
Priority: trivial Milestone:
Component: RPZ Version: 0.1
Severity: mild Keywords: malware phishing
Cc: incoming+my-privacy-dns-matrix-matrix-12520650-issue-@…

Description

Summary

These 'Malicious' domains have to be blocked as...

rj.gov.br CNAME . ; Malicious
miracema.rj.gov.br CNAME . ; Malicious
natprevi.rj.gov.br CNAME . ; Malicious
*.natprevi.rj.gov.br CNAME . ; Malicious
central.rj.gov.br CNAME . ; Phishing
*.central.rj.gov.br CNAME . ; Phishing
funarj.rj.gov.br CNAME . ; Phishing
*.funarj.rj.gov.br CNAME . ; Phishing
silvajardim.rj.gov.br CNAME . ; Phishing
*.silvajardim.rj.gov.br CNAME . ; Phishing

... because:

Relevant logs and/or screenshots

These domains come to us from several sources as malicious and phishing.

Among the sources are:

hphosts_psh
dg-malicious
malwaredomainlist

They can all be verified at https://gitlab.com/my-privacy-dns/external-sources/hosts-sources

ScreenShot

History

In our rpz.mypdns.cloud Privacy DNS firewall we find a number of old records

RPZ History

funarj.rj.gov.br.rpz.mypdns.cloud
central.rj.gov.br.rpz.mypdns.cloud
miracema.rj.gov.br.rpz.mypdns.cloud
natprevi.rj.gov.br.rpz.mypdns.cloud
www.natprevi.rj.gov.br.rpz.mypdns.cloud
www.funarj.rj.gov.br.rpz.mypdns.cloud
www.central.rj.gov.br.rpz.mypdns.cloud
silvajardim.rj.gov.br.rpz.mypdns.cloud
www.silvajardim.rj.gov.br.rpz.mypdns.cloud

The following domains have been turned into wildcards:

*.central.rj.gov.br
*.funarj.rj.gov.br
*.natprevi.rj.gov.br
*.silvajardim.rj.gov.br

All Submissions:

  • [x] Have you followed the guidelines in our Contributing document?
  • [x] Have you checked to ensure there aren't other open Issues for the same update/change?
  • [x] Added ScreenDump as proof of False Positive
  • [x] Have you added an explanation of what your submission does and why you'd like us to include it?

Testing phase

  • [x] Checked the internet for verification?
  • [x] Have you successfully run tests with your changes locally?

Todo:
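As an added example (not part of this ticket or the mypdns project's own tooling), a small RPZ QNAME-trigger lookup over a constructed copy of the records above. It shows why the apex name and its `*.` wildcard are listed separately (the wildcard never matches the apex itself) and that a name with no wildcard, such as `www.miracema.rj.gov.br`, falls through unblocked. The precedence rule assumed here (most labels wins, exact beats wildcard on ties) follows common RPZ implementations and is an assumption of this example.

```python
"""RPZ QNAME-trigger lookup over a constructed copy of the ticket's records."""
from dataclasses import dataclass
from typing import Optional

# Constructed subset of the records in the ticket: owner, action, comment.
RPZ_ZONE = """\
rj.gov.br CNAME . ; Malicious
miracema.rj.gov.br CNAME . ; Malicious
natprevi.rj.gov.br CNAME . ; Malicious
*.natprevi.rj.gov.br CNAME . ; Malicious
central.rj.gov.br CNAME . ; Phishing
*.central.rj.gov.br CNAME . ; Phishing
"""


@dataclass(frozen=True)
class Trigger:
    owner: str    # lower-case, no trailing dot, may start with "*."
    action: str   # RPZ policy rdata: "." means NXDOMAIN
    comment: str  # free text after ';' (the list's category label)


def parse_rpz(text: str) -> list[Trigger]:
    """Parse 'owner CNAME rdata ; comment' lines, skipping anything else."""
    triggers = []
    for raw in text.splitlines():
        body, _, comment = raw.partition(";")
        parts = body.split()
        if len(parts) != 3 or parts[1].upper() != "CNAME":
            continue
        triggers.append(Trigger(parts[0].lower().rstrip("."), parts[2], comment.strip()))
    return triggers


def trigger_matches(owner: str, qname: str) -> bool:
    """RPZ QNAME semantics: '*.x' matches names strictly below x, never x itself."""
    if owner.startswith("*."):
        suffix = owner[2:]
        return qname != suffix and qname.endswith("." + suffix)
    return qname == owner


def lookup(triggers: list[Trigger], qname: str) -> Optional[Trigger]:
    """Return the winning trigger (assumed rule: most labels, exact beats wildcard)."""
    q = qname.lower().rstrip(".")
    hits = [t for t in triggers if trigger_matches(t.owner, q)]
    if not hits:
        return None  # no QNAME trigger: the resolver answers normally
    return max(hits, key=lambda t: (t.owner.count(".") + 1, not t.owner.startswith("*.")))


TRIGGERS = parse_rpz(RPZ_ZONE)
```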

Attachments (0)

Change History (2)

comment:1 by AnonymousPoster, 4 weeks ago

A test of these URLs in VirusTotal makes some of them look rather invalid.

(updated)
This means all records turn into one wildcarded blocking :(

See also: https://github.com/mypdns/matrix/issues/60

Last edited 4 weeks ago by AnonymousPoster

comment:2 by AnonymousPoster, 4 weeks ago

Resolution: fixed
Status: new → closed
