emiliano_mastro
Contributor

E88.30 - Anti-Bot blocks access to malicious domain during the DNS resolution process

Hi,

I’m very happy to see important security enhancements with E88.30, in particular Anti-Bot, which can block access to malicious domains during the DNS resolution process. Is this also true for IoC?

I ask because I have put a domain in IoC, but I can access it with telnet (no block during the DNS resolution process), although the access is correctly blocked when using a browser.

Thanks a lot


Accepted Solutions
JonnyRabinowitz
Employee

To close the loop here, this issue was addressed offline and it was confirmed that the IoC is now blocked.

To add some more color on the DNS detection-related capabilities: beyond the validation of specific domains, the DNS traffic contents are analyzed to identify any suspicious patterns in the contents of the DNS messages that indicate malicious communications, and such communications are blocked.

PhoneBoy
Admin

Did you try it multiple times from the same client and see the same result?

emiliano_mastro
Contributor

Yes, same behavior.

PhoneBoy
Admin

Not sure what the expected behavior is here.
Best to open a TAC case: https://help.checkpoint.com 

emiliano_mastro
Contributor

Hi,

I have opened a ticket with TAC, who resolved it. Now a domain that belongs to IoC is blocked if I try to open it with an application other than a browser, like telnet, certutil and so on.
