Qiuyao
Explorer

DNS trap

Hello support,

 

Why is the default address of DNS trap 62.0.58.94 and not something else? What is the significance of this choice? When DNS trap is triggered, does DNS traffic go to 62.0.58.94? Or did he simply replace the destination DNS address with 62.0.58.94?

 

Best Regards,

Qiuyao Dai


Accepted Solutions
PhoneBoy
Admin

The significance of the choice is simple: Check Point owns this IP address.
You can verify this through WHOIS records. 

When we detect a DNS lookup for a domain that is malicious, we replace the results of that query with the configured IP DNS Trap address.
The idea being: instead of connecting to the malicious host, the client will connect to the DNS Trap address, which should ultimately be harmless to the end user.

To the best of my knowledge, there is no host assigned to 62.0.58.94.
Which means all traffic sent to this IP will fail and result in no harm to an end user.
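
Added example, not part of the answer above and not Check Point code: since a trapped lookup is answered with the trap address, a client that received that answer or tried to connect to it is worth triaging. The two whitespace-separated log formats, the sample records and the function names are constructed assumptions; only 62.0.58.94 comes from the thread.

```python
import ipaddress
from collections import defaultdict

# Default DNS Trap address named in the thread; change it if yours is configured differently.
TRAP_IP = ipaddress.ip_address("62.0.58.94")

# Constructed DNS answer records, assumed format: time client qname answer
DNS_LOG = """\
2024-05-01T10:00:01 10.1.1.23 updates.example 198.51.100.10
2024-05-01T10:00:07 10.1.1.57 Bad-C2.example. 62.0.58.94
2024-05-01T10:02:11 10.1.1.57 bad-c2.example 62.0.58.94
2024-05-01T10:03:40 10.1.1.88 other-bad.example 62.0.58.94
"""
# Constructed connection records, assumed format: time src dst dport
FLOW_LOG = """\
2024-05-01T10:00:08 10.1.1.57 62.0.58.94 443
2024-05-01T10:00:09 10.1.1.23 198.51.100.10 443
2024-05-01T10:05:00 10.1.1.99 62.0.58.94 8080
malformed line
"""

def _rows(log, ip_field):
    """Yield split records whose ip_field column equals the trap address."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records
        try:
            if ipaddress.ip_address(parts[ip_field]) == TRAP_IP:
                yield parts
        except ValueError:
            continue  # answer/destination was not an IP address

def triage(dns_log, flow_log):
    """Per client: domains answered with the trap IP and ports it tried on that IP."""
    domains, ports = defaultdict(set), defaultdict(set)
    for _, client, qname, _ in _rows(dns_log, 3):
        domains[client].add(qname.rstrip(".").lower())
    for _, src, _, dport in _rows(flow_log, 2):
        ports[src].add(int(dport))
    return {c: {"domains": sorted(domains[c]), "ports": sorted(ports[c])}
            for c in sorted(set(domains) | set(ports))}

if __name__ == "__main__":
    for client, info in triage(DNS_LOG, FLOW_LOG).items():
        print(client, info)
```

A client that shows ports but no domains (10.1.1.99 in the sample) reached the trap address without a logged lookup, for example from a cached answer or a lookup made through another resolver.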

Chris_Atkinson
Employee

For more info, please refer to:

sk74060: Anti-Virus Malware DNS Trap feature

CCSM R77/R80/ELITE
