As an intellectual exercise, I think this is interesting and worth the effort. As an actual implementation, I think it's more effective to block DNS traffic to the affected subnets. Let the breakage occur, and then let the end users get their broken machines fixed rather than let them continue hobbling along with this hack in place. Jason On Sat, Jul 7, 2012 at 8:10 PM, Cameron Byrne <cb.list6@gmail.com> wrote:
On the other thread i read that some ISP are running their own proxies for infected host.
That sounded interesting, so i googled around to find out how to do that and i could not find a HOWTO, so imagined up a solution myself, tested it in VirtualBox, and wrote it down in case anyone finds it useful or has another approach
https://sites.google.com/site/cbyrne/dnschanger
I don't plan to use this solution, but it was interesting to think about and may be a good starting point in the unlikely event that some VP pushes the panic button on Monday.
CB