Re: Blocking phishing URL's

["Maloney, Michael" <mmaloney () MIDDLESEXCC EDU>]

While not the most efficient way to do it, it has worked for large majority of the phishing we get.  I create a zone in 
DNS, and set the hostnames in the URL to point to 127.0.0.1.  It won't work for stuff housed at say Google Docs,  but 
it's been pretty effective here.

A downside to this (or any method at the edge), is there is no way to block them when someone accesses their mail 
remotely (ie web based mail)

********************************************
Mike Maloney
Sr. System Engineer
Middlesex County College
2600 Woodbridge Avenue
Edison, NJ 08818
Phone: 732-906-7754
Cell: 908-217-2086
Fax: 732-906-4266
Email: mmaloney () middlesexcc edu<mailto:mmaloney () middlesexcc edu>
*********************************************

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Ullman, 
Catherine
Sent: Monday, December 02, 2013 10:17 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Blocking phishing URL's

Greetings!

I've been asked to investigate what other institutions are doing to block access to URL's at the edge (i.e. block 
connections when people click on a URL, despite virtual hosting or fastflux DNS).

Feel free to respond privately.  Thanks.

Best,
Cathy


Dr. Catherine J Ullman
Information Security Analyst
Information Security Office
University at Buffalo
cende () buffalo edu<mailto:cende () buffalo edu>