Blocked?See Live ThreatsCommunity
Customer Portal Login
Spamhaus Technology and abuse.ch Logo
Solutions
Data
Email & Network
Cyber Threat Intelligence
Resources
About
Back to Previous Page

Case Study

XS4ALL turns to Spamhaus DNS RPZ to provide protection to customers

Posted on
November 29, 2017Author
Spamhaus Technology Team Read time
2 mins

Response Policy ZonesDNS FilteringNetwork Security

In this guide

IntroductionThe ChallengeThe Solution – PowerDNS with Spamhaus' DNS RPZThe Results – thousands of malicious connections blocked daily
Introduction

Introduction

Netherlands-based ISP XS4ALL is using Spamhaus' DNS RPZ to provide an improved security service to its customers.

The Challenge

Cyber criminals are keen to abuse someone else’s well-equipped network, so ISP and hosting environments are targeted by malicious actors keen to insert malware and botnets that can infect across a network.

Email filtering and anti-spam measures can block most phishing attempts but there is always the risk that a customer will unwittingly respond and allow access to malware. So there is always a risk of getting infected, or have infections that might spread to others.

The challenge for XS4ALL is to provide protection without impacting the demand for high-volume, high-speed connectivity and give customers a choice of the security profile that’s right for them.

The Solution – PowerDNS with Spamhaus' DNS RPZ

XS4ALL runs PowerDNS Recursor for its DNS resolution because it has a native implementation to receive an AXFR/IXFR data feed for industry standard Response Policy Zone (RPZ) handling. With the release of version 4.0 of PowerDNS Recursor, XS4ALL was able to configure Response Policy Zones into the resolution process for the first time.

The new 4.0 version has an extra feature which enables active lookup of a configuration for the client that queries the resolvers. This enabled XS4ALL to make DNS RPZ malware filtering optional, with each customer able to chose it as an added security service.

Implementation of Spamhaus' DNS RPZ was straightforward given the version of PowerDNS Recursor, the main volume of work required was to configure XS4ALL’s systems to provide this as a customer option.

The Results – thousands of malicious connections blocked daily

After a careful checking of a PowerDNS setup with mirrored traffic and reviewing the volumes of suspicious queries, DNS RPZ was made operational as an option to customers. When enabled, customers drastically cut down on malware traffic from links in already downloaded email messages that they clicked on accidentally.

“With Spamhaus' DNS RPZ, we are able to block thousands of malicious connections everyday. And as it can be configured on demand, it’s a great option to offer our customers.” Kai S, System Engineer, XS4ALL

Command & Control beaconing traffic from botnets is also greatly reduced. Even though each beaconing message is very small, a compromised enduser can consume massive amounts of bandwidth when it is used to mount DDoS attacks.

Related Resources

Response Policy ZonesDNS FilteringNetwork Security
Spamhaus | abuse.ch Logo

Solutions

Email & NetworkEmail ProtectionEmail ComplianceDNS ProtectionEdge ProtectionCyber Threat IntelligenceThreat Intelligence EnrichmentThreat HuntingAll Solutions

Data

Malware IntelligencePhishingSpamInsight & ClassificationHistorical ContextAll Data

Email & Network

About Email & NetworkEmail ProtectionEmail ComplianceDNS ProtectionEdge Protection

Cyber Threat Intelligence

About Cyber Threat IntelligenceThreat Intelligence EnrichmentThreat Hunting

Resources

Resource CenterEventsCommunityMalware DigestBotnet Threat MapCompromised IP StatisticsFAQsStatus Page

About Us

About SpamhausSpamhaus-abuse.ch Alliance
Spamhaus | abuse.ch Logo
XLinkedInYouTube
Privacy NoticeCookie PolicyTerms and Conditions
Uicons by Flaticon