Phishing Protection — Comparing DNS Security Filters
<blockquote data-quote="HarborFront" data-source="post: 761430" data-attributes="member: 55987"><p><span style="font-size: 12px"><strong>DNS Filters Compared</strong></span></p><p></p><p>In this test, I will compare these 6 free and public DNS providers that are <em>supposed</em> to filter access to malicious domains:</p><ul> <li data-xf-list-type="ul"><a href="https://quad9.net" target="_blank"><strong>Quad9</strong></a>: 9.9.9.9</li> <li data-xf-list-type="ul"><strong>OpenDNS</strong>: 208.67.222.123 (used their free version)</li> <li data-xf-list-type="ul"><a href="https://cleanbrowsing.org" target="_blank"><strong>CleanBrowsing</strong></a>: 185.228.168.9</li> <li data-xf-list-type="ul"><strong>Norton ConnectSafe</strong> (Malware, Phishing and Scam sites): 199.85.126.10</li> <li data-xf-list-type="ul"><strong>Comodo Secure</strong>: 8.26.56.26</li> <li data-xf-list-type="ul"><strong>Yandex Safe</strong>: 77.88.8.88</li> </ul><p>For the test, I divided my list of domains into 4 categories:</p><ul> <li data-xf-list-type="ul">10 domains from the Openphish database. <em>Mix of old and new bad stuff.</em></li> <li data-xf-list-type="ul">10 domains added *today* to Phishtank. <em>Real time bad stuff.</em></li> <li data-xf-list-type="ul">10 domains added within the last week to Phishtank. <em>Old bad stuff.</em></li> <li data-xf-list-type="ul">10 domains from some of the latest Krebs blog posts. <em>Bad stuff.</em></li> </ul><p><span style="font-size: 12px"><strong>Test 1: Openphish — Mixed bad stuff</strong></span></p><p></p><p><em>Openphish</em> is a popular database of malicious domains, so a great place to start. From the 10 domains tested (full dump on <a href="https://pastebin.com/raw/XBuweTdi" target="_blank">pastebin</a>), these are the results:</p><ul> <li data-xf-list-type="ul"><strong>Quad9</strong> and <strong>CleanBrowsing</strong>: <strong>100% accuracy</strong>. 
They blocked all domains.</li> <li data-xf-list-type="ul"><strong>Norton</strong>: 20% accuracy. Blocked 2 domains related to fake Facebook logins.</li> <li data-xf-list-type="ul"><strong>OpenDNS, Comodo, Yandex</strong>: Blocked 0 domains.</li> </ul><p><span style="font-size: 12px"><strong>Test 2: Phishtank — Real time bad stuff</strong></span></p><p></p><p>With this test, I tried to see how quick those providers were to update their database with new domains. The dump of the tests is on <a href="https://pastebin.com/raw/XBuweTdi" target="_blank">pastebin</a> as well (yeah, I screwed up my math and tested 12 domains instead of 10). Results:</p><ul> <li data-xf-list-type="ul"><strong>CleanBrowsing</strong>: 91% accuracy. Only missed 1.</li> <li data-xf-list-type="ul"><strong>Quad9</strong>: 50% accuracy</li> <li data-xf-list-type="ul"><strong>OpenDNS, Yandex, Comodo, Norton</strong>: 16% accuracy. Blocked 2 domains only.</li> </ul><p><span style="font-size: 12px"><strong>Test 3: Phishtank — Old bad stuff</strong></span></p><p></p><p>In this 3rd test, I got domains that were blacklisted this month, but not today. That gives a good idea of how long they keep bad domains on their list. The results:</p><ul> <li data-xf-list-type="ul"><strong>CleanBrowsing</strong>: 100% accuracy</li> <li data-xf-list-type="ul"><strong>OpenDNS</strong>: 60% accuracy</li> <li data-xf-list-type="ul"><strong>Norton</strong>: 30% accuracy</li> <li data-xf-list-type="ul"><strong>Quad9</strong>: 20% accuracy</li> <li data-xf-list-type="ul"><strong>Yandex</strong>: 10%, <strong>Comodo</strong> 0%.</li> </ul><p><span style="font-size: 12px"><strong>Test 4: Domains from Krebs blog post</strong></span></p><p></p><p>This last test probably wasn't very fair, since the domains Krebs mentions in his blog post are not part of any blacklist, so none of the providers blocked them, except for <strong>CleanBrowsing</strong>. 
They blocked 100% of the typosquatting <em>.cm domains</em>, along with cardmafia and some other bad domains.</p><p><span style="font-size: 12px"><strong>Conclusion</strong></span></p><p></p><p>DNS can be an important part of your security and act as a first line of defense against phishing and other malicious activity. <strong>CleanBrowsing</strong> was the #1 provider in my tests, followed by <strong>Quad9</strong> and <strong>OpenDNS</strong> in second (they did well in different areas). Note that I used the free version of OpenDNS and if you are an enterprise client, their Cisco Umbrella could/would probably do better. CleanBrowsing has different filters to block adult content, but I tested it with their .9 IP address that only blocks malicious domains.</p><p></p><p>On the sad side, it seems that <strong>Comodo</strong>, <strong>Norton</strong> and <strong>Yandex</strong> are stuck in time and not updated anymore. So based on my tests, I would not recommend using them if you are looking for any type of security filtering at the DNS layer.</p><p></p><p>For the whole article, please read the link below.</p><p></p><p><a href="https://medium.com/@nykolas.z/phishing-protection-comparing-dns-security-filters-9d5a09849b91" target="_blank">Phishing Protection — Comparing DNS Security Filters</a></p></blockquote><p></p>
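One way to score a filtering resolver the way the quoted test does, as an added example that is not code from the post or the linked article. It assumes a block shows up either as NXDOMAIN or as an answer pointing at a sinkhole address; the `SINKHOLES` set, the `.example` names and all function names are constructed for illustration.

```python
import socket, struct

# Assumption: a filter signals a block with NXDOMAIN (RCODE 3) or a sinkhole /
# block-page address. These addresses are constructed placeholders.
SINKHOLES = {"0.0.0.0", "192.0.2.1"}

def build_query(domain, qid=0x1234, flags=0x0100):
    """Encode an A/IN question (RFC 1035); flags 0x0100 = recursion desired."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in domain.rstrip(".").split("."))
    return struct.pack(">HHHHHH", qid, flags, 1, 0, 0, 0) + qname + b"\x00" + struct.pack(">HH", 1, 1)

def skip_name(msg, off):
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:            # compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_response(msg):
    """Return (rcode, [IPv4 answers]) from a raw DNS response."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 1 and rdlen == 4:          # A record
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return flags & 0x000F, addrs

def is_blocked(msg):
    rcode, addrs = parse_response(msg)
    return rcode == 3 or (bool(addrs) and all(a in SINKHOLES for a in addrs))

def block_rate(responses):
    return 100.0 * sum(is_blocked(r) for r in responses) / len(responses)

def fake_response(domain, rcode=0, ips=()):
    """Constructed response: question echoed plus one A record per address."""
    q = build_query(domain, flags=0x8180 | rcode)
    rrs = [b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton(ip) for ip in ips]
    return q[:6] + struct.pack(">H", len(ips)) + q[8:] + b"".join(rrs)

# Constructed sample: three filtered answers and one that resolves normally.
SAMPLE = [fake_response("a.example", rcode=3), fake_response("b.example", ips=["0.0.0.0"]),
          fake_response("c.example", ips=["192.0.2.1"]), fake_response("d.example", ips=["203.0.113.7"])]
```

To measure a real resolver, send `build_query(domain)` to it over UDP port 53 and pass the reply bytes to `is_blocked`; the sinkhole set must first be replaced with the addresses that resolver actually returns for blocked names.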