• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
RE: DNS Protection
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: DNS Protection


  • Subject: RE: DNS Protection
  • From: "Tom Fortmann" <email@hidden>
  • Date: Mon, 8 Dec 2008 14:31:09 -0600

Jens,

Very true - under the covers the Malware and Malware prevention software are
so similar it's scary.  One of the bigger issues is simply trying to make
sure we are not miss-identified as malware ourselves.

I'm hoping to avoid the proxy server route - so I'll do my DirectoryServices
homework and let everyone know what I find.

Thanks

Tom
Xcape Solutions, Inc.


-----Original Message-----
From: Jens Alfke [mailto:email@hidden]
Sent: Monday, December 08, 2008 1:38 PM
To: Tom Fortmann
Cc: email@hidden
Subject: Re: DNS Protection


On Dec 8, 2008, at 6:02 AM, Tom Fortmann wrote:

> I'm working on a security product and we would like to add a DNS
> protection features.  In a nutshell, for specific URLs we would like
> to redirect the DNS resolution to a different trusted DNS server,
> and for other URLs allow them to flow through the normal resolution
> process.  Initially, we just want to secure Safari browser sessions,
> although a method that protects the resolution by any network
> application would be preferred.

We'll have to trust you that you're implementing a security product,
since various types of malware also do exactly this same thing, to
direct users to fake sites... ;-)

> Does anyone know of an interface either in Safari/Webkit or in the
> OS X network layer?

WebKit uses the HTTP protocol implementation in the CFNetwork
framework, which probably calls the standard POSIX resolver APIs like
gethostbyname. In the end, the DirectoryService daemon does the
resolution and lookups.

DirectoryServices is pretty complex, and ties into things like
OpenDirectory in addition to DNS. There may be a way to install some
kind of plug-in that can filter DNS requests or direct them to
specific servers; I'm not sure. I think there is documentation of
DirectoryServices in the ADC library.

Another possibility is to run a local HTTP proxy server on the user's
machine and change the user's proxy settings to point to it.

-Jens

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden

References: 
 >DNS Protection (From: "Tom Fortmann" <email@hidden>)
 >Re: DNS Protection (From: Jens Alfke <email@hidden>)

  • Prev by Date: Re: Stripping attachments [DNS Protection]
  • Next by Date: Re: Stripping attachments [DNS Protection]
  • Previous by thread: Re: Stripping attachments [DNS Protection]
  • Next by thread: Re: Stripping attachments [DNS Protection]
  • Index(es):
    • Date
    • Thread