TZ400 - how to prevent DNS attacks

Status
Not open for further replies.

RodneyMcSnow

Technical User
Jun 29, 2007
420
US
I have set up a TZ400 to allow only ports 80, 443 and 53 from LAN to WAN, but I end up seeing DNS rebind attacks and most times am unable to browse to the Internet due to attacks.

The WAN to LAN is set to discard everything and I have also enabled the DNS rebind attack to drop and log, but I am still having issues.
I see a lot of net mapping errors and ICMP messages.

If I remove the DNS from the outbound allowed LAN to WAN options I will never reach the Internet, but others have informed me that I must not allow DNS to the WAN.
Am I missing something here? You need DNS to reach out to the Internet DNS servers to resolve addresses, so how else could this be accomplished?
Was using local ISP for DNS, now have changed to OpenDNS.

There is no server on the network, just desktops that use the SonicWall as a gateway and to protect the LAN computers.

If the rule WAN to LAN is set to discard, no traffic is allowed in, but there has to be something going on that is causing Internet interruption and failure to resolve DNS.

 
For your LAN to WAN rule, are you using 53 as the source port or the destination port?
Where are the DNS rebinding attacks coming from? Are they from a single IP address?
 
It is the service allowed, and the DNS rebinding comes from the DNS servers that I specify.
I created a group named ALLOWED SERVICES and in the group I have included ports 80, 443 and 53.
The source and destination are left default as ANY.
 