cancel
Showing results for 
Search instead for 
Did you mean: 
apellepa
Level 8

Trusted source question

Why trusted source engine does not resolve fqdn ?

Example:

91.202.63.173 categorized as "Malicious sites"

dl.fileszstore.com - is uncategorized (but resolved to 91.202.63.173)

dl.filevfstore.com - is uncategorized (but resolved to 91.202.63.173)

I get list of all sites that hosted on 91.202.63.173 and all of them related to "Malicious downloads"

So question is: how to categorize sites using resolving names to ip ?

0 Kudos
3 Replies
sroering
Level 13

Re: Trusted source question

Which Trusted Source engine are you using?

0 Kudos
apellepa
Level 8

Re: Trusted source question

I dont know, how to check this? (McAfee Web Gateway 6.8.7 build 8846, formely Webwasher).

0 Kudos
schecka
Level 9

Re: Trusted source question

in most cases a reverse resolution from an IP to a hostname is not going to give you a good result. Shared hosting (50k domains on 1 ip) is a comming thing.

by default the web gateway will not a lookup of the IP for the categorization of a host.

In web gateway 7 you could do this though. you could create a rule that says 'if hostname is uncategorized, do a dns lookup and then try to categorize again". there are even options directly in the trustedsource engine. but unfortunately nothing that you could do on web gateway 6.x

0 Kudos