Specifying DNS Server Addresses

Discussion in 'LnS English Forum' started by JRCATES, Feb 24, 2006.

Thread Status:
Not open for further replies.
  1. JRCATES

    JRCATES Registered Member

    I recently checked out Paranoid's "Guide to Producing a Secure Configuration for Outpost" thread (in the Agnitum forum)... and it seems that Outpost has addressed the DNS issue. From that guide:

    "D1 - Specifying DNS Server Addresses

    DNS (Domain Name System) is the method by which an IP address is found for a domain name (e.g. outpostfirewall.com has the IP address 216.12.219.12 - a full description is available in RFC 1034 - Domain names - concepts and facilities). Since DNS traffic has to be allowed through firewalls in order to be able to perform the IP-address lookup needed when connecting to a site, some trojans and leaktests attempt to disguise their traffic as a DNS request. However, by limiting access only to those DNS servers offered by your Internet Service Provider (ISP), this tactic can be effectively blocked. There are two options to follow here:

    (a). The "Global DNS" Option - Add the ISP DNS server addresses to the Global rule
    -----

    (b). The "Application DNS" Option - Remove the Global rule, add a DNS rule to every application
    -----
    "

    So Outpost evidently has a feature for addressing DNS requests (traffic/spoofing, etc.). I've looked around, but couldn't find anything that definitively says whether LNS also has this ability/feature as well. Can anyone tell me if Look 'n' Stop (with either the "Enhanced Rules Set" or Phant0m's Rules Set, etc.) also addresses DNS traffic and/or spoofing?
     
  2. WSFuser

    WSFuser Registered Member

    I know Phant0m's ruleset has a DNS rule, but I don't know if that's what you're looking for.
     
  3. daniel952

    daniel952 Registered Member

    You could use either the Enhanced ruleset or Phant0m's ruleset to specify your ISP's DNS server in the Internet Filtering rule for DNS resolution. Once you allow any application that needs DNS, it will use the Internet Filtering servers unless you specifically tell the app to use different servers or other controls in Application Filtering.
    Application Filtering controls the ports and IPs that applications can connect to/from, or whether they should be blocked altogether or allowed to start other processes, etc.
    LnS Internet Filtering alone or along with Application Filtering can accomplish what you're looking to do, and a lot more.
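
Added example (not part of the original thread, and not Look 'n' Stop or Outpost rule syntax): a Python model of the "Global DNS" rule discussed above, which audits outbound flows and flags port 53 traffic sent to any server other than the listed ISP resolvers. The log format, application names and resolver addresses are constructed placeholders.

```python
import ipaddress
from collections import namedtuple

# Assumption: placeholder resolvers from documentation ranges; replace
# them with the DNS server addresses your ISP actually assigns.
ALLOWED_RESOLVERS = {
    ipaddress.ip_address("192.0.2.53"),
    ipaddress.ip_address("198.51.100.53"),
}

Flow = namedtuple("Flow", "app proto dst dport")

def parse_flow(line):
    """Parse a constructed log line: '<app> <proto> <dst>:<port>'."""
    app, proto, endpoint = line.split()
    dst, _, dport = endpoint.rpartition(":")
    # IPv6 destinations are written as [addr]:port, so drop the brackets.
    return Flow(app, proto.lower(), ipaddress.ip_address(dst.strip("[]")), int(dport))

def dns_verdict(flow, allowed=ALLOWED_RESOLVERS):
    """Return 'allow' or 'block' for DNS flows, 'n/a' for anything else."""
    if flow.dport != 53 or flow.proto not in ("udp", "tcp"):
        return "n/a"  # not DNS; the rest of the rule set decides
    return "allow" if flow.dst in allowed else "block"

def audit(lines):
    """Return the flows on port 53 that target a non-listed server."""
    flows = (parse_flow(line) for line in lines if line.strip())
    return [f for f in flows if dns_verdict(f) == "block"]

# Constructed sample log, not output from any real firewall.
SAMPLE_LOG = [
    "browser.exe udp 192.0.2.53:53",
    "browser.exe tcp 203.0.113.10:443",
    "unknown.exe udp 203.0.113.77:53",
    "mailer.exe tcp 198.51.100.53:53",
    "updater.exe udp [2001:db8::53]:53",
]

if __name__ == "__main__":
    for flow in audit(SAMPLE_LOG):
        print(f"BLOCK {flow.app}: {flow.proto}/53 -> {flow.dst}")
```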
     