Who rated this post

cancel
Showing results for 
Search instead for 
Did you mean: 
PhoneBoy
Admin
Admin

It’s a Chicken and Egg problem:

  • The forward DNS (e.g. hostname.example.com > 192.0.2.1) rarely matches the reverse DNS (192.0.2.1 > not.a.valid.name)
  • We don’t know every host in *.example.com
  • Short of looking at the DNS request, there’s no real way to know before a the TCP connection is established whether we are connecting to somehost.example.com. Even then, this is only feasible if the gateway is between your clients and the DNS server.

A clever way to solve this problem might be to use Anti-Bot DNS Trap.
What this will do is replace lookups for the domain with a bogus IP that goes...nowhere.
This assumes Anti-Virus and/or Anti-Bot blades are enabled.
Configure this in the relevant profile:

Capture1.PNG

You can create a CSV file with the relevant domains in it.
Something like:

observ1,somedomain1.com,Domain,,low,AV,Domain_to_block
observ2,somedomain2.com,Domain,,low,AV,Domain_to_block
observ3,somedomain3.com,Domain,,low,AV,Domain_to_block

Upload it as indicators:

Capture2.PNG

Install policy.

View solution in original post

(1)
Who rated this post