Malicious-Website Blocking (DNS Redirection)

Just as spam filters stop spam emails from getting into your inbox, there are filters that can stop your web browser from connecting to websites known to be malicious—websites that attempt to steal your personal information or infect your device with malware.

Domain Name System (DNS) redirection is an additional tool to protect you from malicious websites when you are on most U-M networks on the Ann Arbor campus. DNS redirection:

  • Checks websites you try to visit against a list of known malware and phishing sites.
  • Blocks access to sites on the list.

Phased Adoption Under Way

  • February 7, 2017. DNS redirection was implemented as a pilot on Information and Technology Services (ITS) staff networks. Monitoring showed it to be working as intended.
  • March-April, 2017. Information Assurance (IA) presented information about DNS redirection at a meeting of the IT Security Community. IA requested that interested units contact IA at security@umich.edu to be involved in the pilot. Information was shared with appropriate U-M IT governance groups and the IT Security Community. Their input was used to inform plans to extend the service to the rest of the Ann Arbor campus.
  • May 4, 2017. DNS redirection was extended to the MGuest WiFi network.
  • June 9, 2017. DNS redirection was extended to MWireless.

What Happens When a Site is Blocked

If you try to visit a website that has been identified as malicious, you will be redirected to a warning page: Warning: Malicious Website Blocked.

Note that the redirection affects all connections to hosts on the malicious list, including those via SSH, SFTP, and more. These connections may fail without an error message. Connection problems from U-M networks can be reported to the ITS Service Center.

About the Block List and Filters

  • IA staff use a threat intelligence management application to combine regularly updated data feeds from multiple trusted sources, including some of our peer institutions and the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC). They also include threats they have identified.
  • Only websites that contain phishing and malware are identified as malicious and added to the block list. Sites are not blocked based on website content.
  • Sites (hosts) on the list are identified by domain name.
  • The ITS Domain Name System (DNS), which is used in routing traffic on most U-M Ann Arbor networks, is used in concert with the list of malicious sites to block users from reaching those sites.
  • IA maintains a whitelist of U-M domains based on a list of the 10,000 most visited sites. Connections to these sites go through automatically and are not checked against the list of malicious sites.
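
The lookup order described in this list (whitelist first, then the block list, otherwise a normal answer) can be sketched as follows. This is an added example, not U-M's or ITS's code. The warning-page address, the sample domain names and addresses, and the matching of parent domains are all assumptions made for illustration.

```python
from ipaddress import ip_address

# Assumption: address of the warning-page server (RFC 5737 documentation range).
WARNING_PAGE_IP = ip_address("192.0.2.10")

# Constructed sample data; none of these names come from the real lists.
ALLOWLIST = {"portal.example.edu"}
BLOCKLIST = {"login-update.example.net", "portal.example.edu"}
UPSTREAM = {  # stand-in for normal recursive resolution
    "portal.example.edu": ip_address("198.51.100.7"),
    "news.example.org": ip_address("203.0.113.20"),
    "login-update.example.net": ip_address("203.0.113.66"),
}


def normalize(qname):
    """Lower-case the queried name and drop the trailing root dot."""
    return qname.strip().lower().rstrip(".")


def candidates(name):
    """Return the name and each parent domain, most specific first.

    Matching parent domains is an assumption; the page only says that
    hosts are identified by domain name.
    """
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def answer(qname, allowlist=ALLOWLIST, blocklist=BLOCKLIST, upstream=UPSTREAM):
    """Return (action, address) for one DNS query.

    The decision sees only the name, never the protocol or the user, so
    SSH and SFTP lookups get the same redirected address as a browser.
    """
    name = normalize(qname)
    names = candidates(name)
    # Whitelisted names are answered normally and skip the block-list check.
    if any(n in allowlist for n in names):
        return ("allow", upstream.get(name))
    # Listed names get the warning-page address instead of the real one.
    if any(n in blocklist for n in names):
        return ("redirect", WARNING_PAGE_IP)
    return ("pass", upstream.get(name))
```

In the sample data, portal.example.edu sits on both lists and is still answered normally, which is the consequence of whitelisted names not being checked against the list of malicious sites.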

Respecting Your Privacy

DNS redirection blocks access to sites based on their reputation. It is fully automated and does not collect, examine, or track information about individual users or site content.

  • No identification of individual users.
  • No collection or tracking of content sent between users and sites.

U-M Networks that Could Be Protected

DNS redirection could be offered on additional U-M networks that use ITS DNS. This will likely include:

  • Eduroam
  • Wired ethernet connections in most U-M buildings associated with the Ann Arbor campus

It will not include:

  • Michigan Medicine networks
  • U-M networks using a unit-provided DNS service
  • U-M networks in units that request DNS redirection not be implemented