On 05/02/2018 12:23 PM, Blason R wrote:
I would really appreciate if someone can shed light; if DNS based advanced attacks can be stopped using DNS RPZ? Like DNS beacon channels or Data Exfiltration through DNS queries.
If you know fixed aspects of the queries / responses, you can very likely filter them with Response Policy Zone.
However I think you will need Response Policy Service to be able to do more instrumentation / trending / tracking and filtering of unknown ahead of time aspects.
I think of RPS for DNS much like I think of milters for Sendmail.
It's my understanding that RPS support is in BIND. However I'm not aware of any free RPS filters. I think there is at least one commercial implementation.
-- Grant. . . . unix || die
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
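Added example, not part of the original thread and not BIND or RPS code: a Python sketch of the distinction drawn in the reply above. `rpz_match` mimics fixed QNAME and wildcard triggers that are known ahead of time, while `trend_suspects` shows the kind of per-client tracking a static policy zone cannot express. All names, thresholds and the query log are constructed assumptions.

```python
from collections import defaultdict

# Constructed policy: one exact QNAME trigger and one wildcard trigger,
# the two forms a static RPZ zone can list ahead of time.
RPZ_TRIGGERS = {"bad.example.net", "*.c2.example.org"}

# Constructed query log: (client, qname). The last five names carry long,
# changing leftmost labels under a parent that is on no policy list.
QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "beacon1.c2.example.org"),
    ("10.0.0.7", "bad.example.net"),
] + [("10.0.0.9", f"{i:02d}{'a1b2c3d4e5' * 3}.tunnel.example") for i in range(5)]


def rpz_match(qname, triggers=RPZ_TRIGGERS):
    """Return the trigger matching qname the way a QNAME trigger would, else None."""
    name = qname.rstrip(".").lower()
    if name in triggers:
        return name
    labels = name.split(".")
    # A wildcard *.zone covers names below zone, not zone itself.
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:])
        if wildcard in triggers:
            return wildcard
    return None


def parent(qname, depth=2):
    """Naive parent-domain guess: last `depth` labels (assumption, no public suffix list)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-depth:])


def trend_suspects(queries, min_unique=4, min_avg_len=20):
    """Flag (client, parent) pairs with many distinct, long leftmost labels."""
    seen = defaultdict(set)
    for client, qname in queries:
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) > 2:
            seen[(client, parent(qname))].add(labels[0])
    suspects = []
    for (client, dom), subs in seen.items():
        avg_len = sum(map(len, subs)) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_avg_len:
            suspects.append((client, dom))
    return sorted(suspects)
```

The static triggers catch only the two names listed in advance; the tunnel-like parent is found only by accumulating state across queries.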