Specifying DNS Server Addresses

JRCATES · Feb 24, 2006

I recently checked out Paranoid's "Guide to Producing a Secure Configuration for Outpost" thread (in the Agnitum forum)....and it seems that Outpost has addressed the DNS issue. From that guide:

"D1 - Specifying DNS Server Addresses

DNS (Domain Name System) is the method by which an IP address is found for a domain name (e.g. outpostfirewall.com has the IP address 216.12.219.12 - a full description is available in RFC 1034 - Domain names - concepts and facilities). Since DNS traffic has to be allowed through firewalls in order to be able to perform the IP-address lookup needed when connecting to a site, some trojans and leaktests attempt to disguise their traffic as a DNS request. However by limiting access only to those DNS servers offered by your Internet Service Provider (ISP), this tactic can be effectively blocked. There are two options to follow here:

(a). The "Global DNS" Option - Add the ISP DNS server addresses to the Global rule
-----

(b). The "Application DNS" Option - Remove the Global rule, add a DNS rule to every application
----- "

So Outpost evidently has a feature for addressing DNS requests (traffic/spoofing,etc.). I've looked around, but couldn't find anything that definitively says whether LNS also has this ability/feature as well. Can anyone tell me if Look 'n' Stop (with either the "Enhanced Rules Set" or Phant0m's Rules Set, etc.) also address DNS traffic and/or spoofing?

WSFuser · Feb 24, 2006

i know phant0m's ruleset has a DNS rule, but i dont know if thats what ur looking for.

daniel952 · Feb 25, 2006

JRCATES said:

I recently checked out Paranoid's "Guide to Producing a Secure Configuration for Outpost" thread (in the Agnitum forum)....and it seems that Outpost has addressed the DNS issue. From that guide:

"D1 - Specifying DNS Server Addresses

DNS (Domain Name System) is the method by which an IP address is found for a domain name (e.g. outpostfirewall.com has the IP address 216.12.219.12 - a full description is available in RFC 1034 - Domain names - concepts and facilities). Since DNS traffic has to be allowed through firewalls in order to be able to perform the IP-address lookup needed when connecting to a site, some trojans and leaktests attempt to disguise their traffic as a DNS request. However by limiting access only to those DNS servers offered by your Internet Service Provider (ISP), this tactic can be effectively blocked. There are two options to follow here:

(a). The "Global DNS" Option - Add the ISP DNS server addresses to the Global rule
-----

(b). The "Application DNS" Option - Remove the Global rule, add a DNS rule to every application
----- "

So Outpost evidently has a feature for addressing DNS requests (traffic/spoofing,etc.). I've looked around, but couldn't find anything that definitively says whether LNS also has this ability/feature as well. Can anyone tell me if Look 'n' Stop (with either the "Enhanced Rules Set" or Phant0m's Rules Set, etc.) also address DNS traffic and/or spoofing?
Click to expand...

You could use either the Enhanced ruleset or Phant0m's ruleset to specify your ISP's DNS server in the Internet Filtering rule for DNS resolution. Once you allow any application that needs DNS, it will use the Internet filtering servers unless you specifically tell the app to use different servers or other controls in application filtering.
Application Filtering controls the ports and IPs that applications can connect to/from, or whether they should be blocked all-together or allowed to start other processes etc.
LnS Internet Filtering alone or along with Application Filtering can accomplish what you're looking to do, and alot more.

Log in or Sign up

Specifying DNS Server Addresses

JRCATES Registered Member

WSFuser Registered Member

daniel952 Registered Member

Log in or Sign up

Specifying DNS Server Addresses

JRCATES Registered Member

WSFuser Registered Member

daniel952 Registered Member

Useful Searches