ThreatSTOP Blog

ThreatSTOP & Vyatta combine to block bots

Written by threatstop | December 7, 2010

ThreatSTOP has been working with Vyatta to use the Vyatta Network OS as an enforcement point against botnets, taking advantage of Vyatta’s iptables/ipset firewall, which can block traffic by IP address as long as it is fed the right addresses. ThreatSTOP supplies those addresses as a real-time service that distributes an IP threat list via DNS directly to a Vyatta device (and to other firewalls), so the device can block all traffic to and from known botnet and malware sites.

We have made it easy to deploy ThreatSTOP on Vyatta - setup takes a few minutes on an already configured Vyatta box - and have several live joint customer deployments running today.

We are inviting the Vyatta user community to start a Free, no-risk, 30-day trial and read further details at: http://www.threatstop.com/vyattatrial.html

Some technical details. ThreatSTOP stops bots by delivering a block list of the IP addresses of known malware sites to firewalls automatically via DNS, so customers can use it immediately without complex network reconfiguration or manual updates. The data behind the block list comes from logs submitted by our customers and from many of the world’s leading malware researchers. Thanks to data from Shadow Server, abuse.ch and others, our customers can block bots “calling home” to their command and control (C&C) hosts to activate an attack; this is a major exposure today because very few products address it. The alternatives to our service are typically only available to large organizations with multi-million dollar IT budgets, and even compared to them we believe we provide a better service. For example, we also block phishing sites and many other sources of malware, such as the worst spammers.
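To make the mechanism concrete, here is an added example (not ThreatSTOP’s or Vyatta’s own code) of the firewall-side half of that model: take the IP addresses that a DNS lookup of the list name returns, sanitize them, load them into an ipset, and drop traffic in both directions with iptables rules that reference the set. The list name `blocklist.example.net`, the set name `ts-block` and the DNS answer are all assumptions; the answer is a constructed sample so the script runs offline. Two details a practitioner will care about are built in: the live set is replaced with a single `swap` rather than being flushed and refilled, so the firewall never runs on an empty list mid-update, and a lookup that yields nothing usable leaves the previous list in place instead of wiping it.

```python
"""
Load a DNS-delivered IP block list into an ipset and drop traffic both ways.

Added example, not ThreatSTOP's or Vyatta's own code. It assumes the list
arrives as the A records of a DNS name (a constructed sample stands in for
the answer here, so the script runs offline) and that the firewall is
Linux iptables/ipset, as on Vyatta. The set name "ts-block" and the list
name "blocklist.example.net" are hypothetical.
"""
import ipaddress

LIST_NAME = "blocklist.example.net"   # hypothetical DNS name of the list
SET_NAME = "ts-block"                 # hypothetical ipset name

# Constructed sample of what resolving LIST_NAME might return.
SAMPLE_DNS_ANSWER = [
    "198.51.100.7",
    "203.0.113.45",
    "203.0.113.45",   # duplicate answer: must be collapsed
    "10.0.0.5",       # RFC 1918: a block list must never carry internal space
    "192.0.2.1",      # our own resolver: allowlisted below, or the feed cuts itself off
    "not-an-ip",      # garbage: dropped
    "2001:db8::1",    # IPv6: belongs in a separate "family inet6" set, skipped here
]

# Addresses that must never be blocked, e.g. the resolver the list comes from.
NEVER_BLOCK = {"192.0.2.1"}

# Address space that has no business in an Internet block list.
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]


def sanitize(answers, never_block=NEVER_BLOCK):
    """Return the unique, routable IPv4 addresses in a DNS answer, sorted."""
    keep = set()
    for text in answers:
        try:
            ip = ipaddress.ip_address(text.strip())
        except ValueError:
            continue                       # not an address at all
        if ip.version != 4:
            continue                       # IPv6 would go to an inet6 set
        if any(ip in net for net in BOGONS) or str(ip) in never_block:
            continue
        keep.add(ip)
    return [str(ip) for ip in sorted(keep)]


def ipset_restore_batch(setname, addrs, maxelem=65536):
    """Build an `ipset restore` batch that replaces the live set in one swap.

    A temporary set is filled first, then swapped with the live set, so the
    iptables rules that reference the live set never see a half-loaded list.
    """
    if not addrs:
        raise ValueError("refusing to swap in an empty block list")
    tmp = setname + "-tmp"
    lines = [f"create {tmp} hash:ip family inet maxelem {maxelem}"]
    lines += [f"add {tmp} {a}" for a in addrs]
    lines += [f"swap {tmp} {setname}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"


def safe_batch(setname, answers):
    """Sanitize a DNS answer and return a restore batch, or None if nothing
    usable resolved, so a failed lookup leaves the previous list in place."""
    addrs = sanitize(answers)
    return ipset_restore_batch(setname, addrs) if addrs else None


def iptables_rules(setname):
    """Drop rules for traffic from (src) and to (dst) the listed hosts."""
    placements = (("INPUT", "src"), ("FORWARD", "src"),
                  ("FORWARD", "dst"), ("OUTPUT", "dst"))
    return [f"iptables -I {chain} -m set --match-set {setname} {side} -j DROP"
            for chain, side in placements]


if __name__ == "__main__":
    # One-time setup the operator runs before the first refresh:
    print(f"ipset create {SET_NAME} hash:ip family inet -exist")
    for rule in iptables_rules(SET_NAME):
        print(rule)
    # Periodic refresh: feed this batch to `ipset restore`.
    print(safe_batch(SET_NAME, SAMPLE_DNS_ANSWER), end="")
```

In practice the `SAMPLE_DNS_ANSWER` list would be replaced by the A records returned for the list name, and the batch piped into `ipset restore` from a cron job; if a previous run crashed between `create` and `destroy`, remove the leftover `ts-block-tmp` set first, since `create` of an existing set fails and the batch would abort before the swap.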
In addition to providing a block list, we also analyze our customers’ firewall logs and produce web-based reports for logging, remediation and forensics, all included in the service. This means you can see in near real time (logs are uploaded at least once a day, and more often depending on attack volume) just what threats are attacking your network, what bad places your users are visiting, and where their computers are trying to go without their knowledge.