
TZ400 -how to prevent dns attacks

(OP)
I have set up a TZ400 to allow only ports 80, 443 and 53 from LAN to WAN, but I end up seeing DNS rebind attacks and most times I am unable to browse the Internet due to the attacks.

The WAN to LAN rule is set to discard everything, and I have also enabled the DNS Rebind attack setting to drop and log, but I am still having issues. I see a lot of net mapping errors and ICMP messages.

If I remove DNS from the outbound allowed LAN to WAN options I will never reach the Internet, but others have informed me that I must not allow DNS to the WAN. Am I missing something here? You need DNS to reach out to the Internet DNS servers to resolve addresses, so how else could this be accomplished? I was using the local ISP for DNS and have now changed to OpenDNS.

There is no server on the network, just desktops that use the SonicWall as a gateway and to protect the LAN computers.

If the WAN to LAN rule is set to discard, no traffic is allowed in, but there has to be something going on that is causing the Internet interruption and failure to resolve DNS.

RE: TZ400 -how to prevent dns attacks

For your LAN to WAN rule, are you using 53 as the source port or the destination port?
Where are the dns rebinding attacks coming from? Are they from a single ip address?

RE: TZ400 -how to prevent dns attacks

(OP)
It is the service that is allowed, and the DNS rebinding comes from the DNS servers that I specify. I created a group named ALLOWED SERVICES and in the group I have included ports 80, 443 and 53. The source and destination are left at the default of ANY.
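As an added example (not from the thread and not SonicWall's code), here is a small Python check that mirrors what the OP's "drop and log" rebind setting is doing: an answer for an external name that points at an internal address range is the thing the filter flags. The host names, answers and resolver address below are constructed, and the address ranges are an assumption about what the firewall treats as "inside".

```python
import ipaddress

# Ranges an edge firewall treats as "inside" the LAN. A public name that
# resolves to one of these is the signature of a DNS rebinding attempt.
# (Assumption: this mirrors the intent of the rebind setting, not its code.)
INTERNAL_RANGES = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",                 # IPv6 equivalents
)]

# Constructed DNS answers, as a resolver might return them. Not real hosts;
# the "public" addresses come from the RFC 5737 / RFC 3849 documentation ranges.
SAMPLE_ANSWERS = {
    "www.example.com":    ["203.0.113.10"],
    "rebind.example.net": ["203.0.113.10", "192.168.1.1"],  # flips to LAN
    "loop.example.net":   ["127.0.0.1", "::1"],
    "v6.example.net":     ["2001:db8::1", "fd00::1"],
}

def points_inside(addr: str) -> bool:
    """True if addr falls in a range that should never arrive from the WAN."""
    ip = ipaddress.ip_address(addr)
    # Containment across IPv4/IPv6 simply returns False, so mixing is safe.
    return any(ip in net for net in INTERNAL_RANGES)

def flag_rebind(name: str, answers):
    """Return the answers a rebind filter would drop for this name."""
    return [a for a in answers if points_inside(a)]

def audit(answers_by_name, resolver="203.0.113.53"):
    """Check a batch of answers; return (log_lines, verdicts).

    verdicts maps each name to the list of dropped answers (empty if clean).
    The resolver address is a constructed placeholder for the OP's DNS server.
    """
    verdicts, log_lines = {}, []
    for name, answers in answers_by_name.items():
        bad = flag_rebind(name, answers)
        verdicts[name] = bad
        if bad:
            log_lines.append(
                f"DROP dns-rebind src={resolver} qname={name} "
                f"answer={','.join(bad)}")
    return log_lines, verdicts

if __name__ == "__main__":
    for line in audit(SAMPLE_ANSWERS)[0]:
        print(line)
```

A clean name answering only from public space produces no log line; the practical use is to confirm whether the resolver the OP configured is really handing back LAN addresses, or whether the firewall's own source-port or NAT handling is what is tripping the counter.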
