Specifying DNS Server Addresses

Discussion in 'LnS English Forum' started by JRCATES, Feb 24, 2006.

Thread Status:
Not open for further replies.

    JRCATES Registered Member

    Apr 7, 2005
    I recently checked out Paranoid's "Guide to Producing a Secure Configuration for Outpost" thread (in the Agnitum forum)....and it seems that Outpost has addressed the DNS issue. From that guide:

    "D1 - Specifying DNS Server Addresses

    DNS (Domain Name System) is the method by which an IP address is found for a domain name (e.g. outpostfirewall.com has the IP address - a full description is available in RFC 1034 - Domain names - concepts and facilities). Since DNS traffic has to be allowed through firewalls in order to be able to perform the IP-address lookup needed when connecting to a site, some trojans and leaktests attempt to disguise their traffic as a DNS request. However by limiting access only to those DNS servers offered by your Internet Service Provider (ISP), this tactic can be effectively blocked. There are two options to follow here:

    (a). The "Global DNS" Option - Add the ISP DNS server addresses to the Global rule

    (b). The "Application DNS" Option - Remove the Global rule, add a DNS rule to every application

    So Outpost evidently has a feature for addressing DNS requests (traffic/spoofing,etc.). I've looked around, but couldn't find anything that definitively says whether LNS also has this ability/feature as well. Can anyone tell me if Look 'n' Stop (with either the "Enhanced Rules Set" or Phant0m's Rules Set, etc.) also address DNS traffic and/or spoofing?
  2. WSFuser

    WSFuser Registered Member

    Oct 7, 2004
    i know phant0m's ruleset has a DNS rule, but i dont know if thats what ur looking for.
  3. daniel952

    daniel952 Registered Member

    Jul 30, 2004
    You could use either the Enhanced ruleset or Phant0m's ruleset to specify your ISP's DNS server in the Internet Filtering rule for DNS resolution. Once you allow any application that needs DNS, it will use the Internet filtering servers unless you specifically tell the app to use different servers or other controls in application filtering.
    Application Filtering controls the ports and IPs that applications can connect to/from, or whether they should be blocked all-together or allowed to start other processes etc.
    LnS Internet Filtering alone or along with Application Filtering can accomplish what you're looking to do, and alot more.
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.