I published the following diary on isc.sans.edu: “DNS Firewalling with MISP”:
If IOC’s are very useful to “detect†suspicious activities, why not use also them to “prevent†them to occur? DNS firewalling can be an efficient way to prevent your users to visit malicious online resources. The principle of DNS firewalling is not new, it is used for a long time to fight against spammers. Services lile SpamHaus provide RPZ feeds. RPZ means “Response Policy Zone†and the principle is to allow a nameserver to reply with an alternate responses to some clients queries… [Read more]