Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How to stop DNS & ICMP Tunneling exploit

    Firewalling
    2
    3
    4532
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pcatiprodotnet last edited by

      I desire to prevent, or nominalize, exploit Tunneling over DNS or ICMP.
      http://thomer.com/howtos/nstx.html
      http://thomer.com/icmptx/
      My wireless traffic travels through a pfSense imbedded unit then
      on through third party captive portal hotspot software
      (we couldn't use pfSense CP due to missing critical features).
      I hope for a solution that doesn't interfere with normal operation.
      Thanks, -pc

      1 Reply Last reply Reply Quote 0
      • P
        pcatiprodotnet last edited by

        Would bandwidth limiting DNS & ICMP per host to a small level that still works well under normal circumstances be a good way to solve this?

        1 Reply Last reply Reply Quote 0
        • B
          billm last edited by

          @pcatiprodotnet:

          Would bandwidth limiting DNS & ICMP per host to a small level that still works well under normal circumstances be a good way to solve this?

          You could just block icmp and block DNS to everything except your DNS server.  That'll take care of ICMP tunneling, DNS tunnelling is still available of course, maybe someone else has an idea on how to take care of that (without using the traffic shaper - which would work also, in a roundabout way).

          –Bill

          pfSense core developer
          blog - http://www.ucsecurity.com/
          twitter - billmarquette

          1 Reply Last reply Reply Quote 0
          • First post
            Last post