The best products are often simple but effective ideas that have been exceptionally well executed. OpenDNS embodies this type of product. Having used their solution, I can say the technology appears straightforward, but it works and is simple to implement in a large federated environment. OpenDNS identifies most malicious domain names and redirects users to a safe landing page.
When Matt and I met with David from OpenDNS, one of the first things he asked us was how he could make the product better. Before he could even finish his last word, I blurted out “API”. For me, the best thing a company can do is provide their functionality through a clean interface that I can implement in any one of my favorite programming languages. I like taking a good idea and extending it as much as I can to fit my needs and my environment. David let us know an API was in the works and that in due time we would be crushing these attackers programmatically.
The whole API idea slipped from my mind until this past Tuesday, when I had to manually block around 150 URLs using the OpenDNS web interface. With no API, this meant hundreds of clicks and checks before I could call it done. After entering 3 URLs, I called it quits and focused on coming up with a better solution.
Building the solution
To automate the blocking of domains through OpenDNS, I had to ensure that I didn’t inadvertently deny service to popular sites. Any error in my URL blocks could result in 50,000-plus users on the network wondering what the hell happened, which of course would lead to unpleasant conversations with management. To mitigate this risk, I wanted some checks in place and to watch my program run. Matt provided some PoC code he used to evaluate OpenDNS, but it wasn’t fully automated and required Scapy. I wanted my solution to be more holistic and to play better with the OpenDNS site.
Having used the OpenDNS website, I found it very clean and well marked, with only a handful of AJAX requests doing the heavy lifting. Instead of digging into Python and urllib, I decided to give Selenium a shot and see how it would fare against the site. Selenium has a Firefox plug-in that allows you to record a test case and play it back. As you perform actions on the site, the plug-in shows the test steps that result from each action.
This setup is ideal because I can kick off the Selenium job through the command line and get updates on the progress without actually looking at the virtual machine being used to perform the work. Someone else may prefer a more standalone solution (one that doesn’t require a GUI or browser), but I will leave that up to someone else.
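The check I wanted before letting any automation touch the block list is the part worth showing in code. The script below is an added example, not code from the original project or from OpenDNS: it normalizes a raw list of URLs and hostnames into plain domain names, drops duplicates and anything that is not a blockable name, and refuses every entry that is one of (or a parent or child of) a set of sites the organization depends on. The popular-site allowlist and the input list are constructed for the example; a real run would load the allowlist from a file maintained for the environment and hand only the approved names to the Selenium job.

```python
"""Pre-flight check for a bulk domain-block run (added example, not the original code).

Normalizes a list of URLs/hostnames into domain names and rejects anything
that would collide with an allowlist of popular sites, so that a mistake in
the input list cannot take a large user base offline.
"""
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample allowlist. Assumption: a real run loads the sites the
# organization depends on, one lowercase domain per line.
POPULAR_SITES = {"google.com", "microsoft.com", "office365.com", "example.com"}

# One DNS label: 1-63 chars of [a-z0-9-], not starting or ending with "-".
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(entry: str) -> str:
    """Turn 'HTTP://Www.Evil.test:8080/x?y' or 'evil.test.' into 'www.evil.test'."""
    entry = entry.strip()
    if "://" not in entry:
        entry = "//" + entry  # make urlsplit treat a bare name as the netloc
    host = urlsplit(entry).hostname or ""
    return host.lower().rstrip(".")


def is_valid_domain(host: str) -> bool:
    """Reject single labels, over-long names, IPv4 literals and bad characters."""
    labels = host.split(".")
    if len(labels) < 2 or len(host) > 253:
        return False
    if all(label.isdigit() for label in labels):
        # Assumption: the block list takes names, not addresses.
        return False
    return all(_LABEL.match(label) for label in labels)


def is_protected(host: str, allowlist=POPULAR_SITES) -> Optional[str]:
    """Return a reason string if blocking `host` would affect an allowlisted site."""
    for site in allowlist:
        if host == site or host.endswith("." + site):
            return f"is {site} or a subdomain of it"
        if site.endswith("." + host):
            return f"blocking it would also block {site}"
    return None


def plan_blocks(entries, allowlist=POPULAR_SITES) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split raw entries into (approved domains, [(entry, reason) rejected])."""
    approved, rejected, seen = [], [], set()
    for entry in entries:
        host = normalize(entry)
        if host in seen:  # case/scheme/path variants of the same name count once
            continue
        seen.add(host)
        if not is_valid_domain(host):
            rejected.append((entry, "not a blockable domain name"))
            continue
        reason = is_protected(host, allowlist)
        if reason:
            rejected.append((entry, reason))
            continue
        approved.append(host)
    return approved, rejected


# Constructed input list, mixing the kinds of entries a pasted URL list contains.
SAMPLE_INPUT = [
    "http://malicious-example.test/login.php",
    "MALICIOUS-EXAMPLE.TEST",          # duplicate of the line above, different case
    "https://www.google.com/",          # allowlisted: must never be blocked
    "mail.google.com",                  # subdomain of an allowlisted site
    "google.com.phish-example.test",    # look-alike but a different domain: fine to block
    "office365.com.",                   # trailing dot, still the allowlisted site
    "192.0.2.1",                        # an address, not a name
    "not a domain!",
]

if __name__ == "__main__":
    ok, bad = plan_blocks(SAMPLE_INPUT)
    for host in ok:
        print("BLOCK", host)
    for entry, why in bad:
        print("SKIP ", entry, "->", why)
```

Only the `BLOCK` lines would be fed to the browser automation; the `SKIP` lines are what a human reviews before the run, which keeps the "what the hell happened" conversation from ever starting.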
Features and customer requests take time. What may be the most important feature to you may be the least important in the grand scheme of the company you are giving feedback to. If you need something fast, there is likely a way to hack it together. Even if OpenDNS publishes an API tomorrow, I would still look back at the 5 hours I spent working on this project and find value in solving this problem and learning a great deal of valuable information I can use in new projects.
If you are interested in running the job in your own environment then head over to Github and check out the source: