Re: Does the home version block known Russian hacker IPs?

dcsutherland · ‎09-27-2016

Was reading this article on known Russian IP's that carry "bad" traffic. Can the home version be used to block such IP ranges?

ref:
http://securityaffairs.co/wordpress/51704/hacking/fancy-bear-mac-trojan.html

rotblitz · ‎09-27-2016

A DNS service (no matter if OpenDNS or another or what version) generally cannot block IP addresses at all, just domain names, because using IP addresses does not involve DNS. However, many routers and many devices allow to block IP addresses and ranges. That said, your router or your devices can possibly be used to block such IP address ranges. (Honestly, although searching, I couldn't find the list with IP address ranges...)

dcsutherland · ‎09-27-2016

I knew that... totally zoned. Thanks!

I guess I was thinking those bots might be blocked if they use a URL instead of hard-coded IP address.

So... to rephrase the question...

Are there any known Russia based hacker sites blocked by URL in the personal use license?

rotblitz · ‎09-27-2016

DNS services also do not see URLs, just domain names (which are part of URLs).

As can be seen from the Security Settings of the home version: "At this time, this feature blocks the Conficker virus and the Internet Explorer Zero Day Exploit, and is continually expanded to include other types of malicious sites." This doesn't necessarily look like covering "Russia based hacker sites", does it? It may well be covered by the enhanced threat protection of Umbrella.

But we users cannot finally know. You had to ask OpenDNS directly.

If you know such a "Russia based hacker site", you can prove if OpenDNS Home blocks it while raising a DNS lookup for the domain in question. If this returns an OpenDNS IP address, then it is blocked, else most likely not.