Netgate Discussion Forum

    How to stop DNS & ICMP Tunneling exploit

      pcatiprodotnet

      I desire to prevent, or nominalize, exploit Tunneling over DNS or ICMP.
      http://thomer.com/howtos/nstx.html
      http://thomer.com/icmptx/
      My wireless traffic travels through a pfSense embedded unit then
      on through third party captive portal hotspot software
      (we couldn't use pfSense CP due to missing critical features).
      I hope for a solution that doesn't interfere with normal operation.
      Thanks, -pc

        pcatiprodotnet

        Would bandwidth limiting DNS & ICMP per host to a small level that still works well under normal circumstances be a good way to solve this?

          billm

          @pcatiprodotnet:

          Would bandwidth limiting DNS & ICMP per host to a small level that still works well under normal circumstances be a good way to solve this?

          You could just block ICMP and block DNS to everything except your DNS server. That'll take care of ICMP tunneling. DNS tunneling is still available of course; maybe someone else has an idea on how to take care of that (without using the traffic shaper, which would work also, in a roundabout way).

          –Bill

          pfSense core developer
          blog - http://www.ucsecurity.com/
          twitter - billmarquette
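
An added example, not written by either poster: one way to pick and check the per-host DNS and ICMP limit discussed in this thread is to total each client's bytes per minute from firewall flow records and compare the peak against a budget. The record layout, the budget values and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict

# Hypothetical per-host budgets in bytes per window; tune them against your
# own baseline so ordinary clients stay well below the limit.
BUDGETS = {"dns": 4096, "icmp": 2048}
WINDOW = 60  # seconds

def peak_bytes(flows, window=WINDOW):
    """Return {(host, proto): largest byte total seen in any one window}."""
    buckets = defaultdict(int)
    for ts, host, proto, size in flows:
        buckets[(host, proto, int(ts // window))] += size
    peaks = defaultdict(int)
    for (host, proto, _), total in buckets.items():
        peaks[(host, proto)] = max(peaks[(host, proto)], total)
    return dict(peaks)

def over_budget(flows, budgets=BUDGETS, window=WINDOW):
    """List (host, proto, peak) for every host whose peak exceeds its budget."""
    hits = [(h, p, peak) for (h, p), peak in peak_bytes(flows, window).items()
            if p in budgets and peak > budgets[p]]
    return sorted(hits)

# Constructed sample records: (seconds, client IP, protocol, bytes on the wire).
SAMPLE = (
    [(t * 6, "10.0.0.11", "dns", 90) for t in range(10)]        # ordinary lookups
    + [(t * 15, "10.0.0.11", "icmp", 84) for t in range(4)]     # a few pings
    + [(t / 4, "10.0.0.23", "dns", 220) for t in range(240)]    # sustained large DNS
    + [(60 + t, "10.0.0.42", "icmp", 1028) for t in range(60)]  # sustained large ICMP
)

if __name__ == "__main__":
    for host, proto, peak in over_budget(SAMPLE):
        print(f"{host} {proto} peak {peak} B/{WINDOW}s (budget {BUDGETS[proto]})")
```

Running the same function with a much smaller budget shows when the limit starts catching ordinary clients, which is the "still works well under normal circumstances" condition from the question.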
