Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How to stop DNS & ICMP Tunneling exploit

    Firewalling
    2
    3
    4522
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pcatiprodotnet last edited by

      I desire to prevent, or nominalize, exploit Tunneling over DNS or ICMP.
      http://thomer.com/howtos/nstx.html
      http://thomer.com/icmptx/
      My wireless traffic travels through a pfSense imbedded unit then
      on through third party captive portal hotspot software
      (we couldn't use pfSense CP due to missing critical features).
      I hope for a solution that doesn't interfere with normal operation.
      Thanks, -pc

      1 Reply Last reply Reply Quote 0
      • P
        pcatiprodotnet last edited by

        Would bandwidth limiting DNS & ICMP per host to a small level that still works well under normal circumstances be a good way to solve this?

        1 Reply Last reply Reply Quote 0
        • B
          billm last edited by

          @pcatiprodotnet:

          Would bandwidth limiting DNS & ICMP per host to a small level that still works well under normal circumstances be a good way to solve this?

          You could just block icmp and block DNS to everything except your DNS server.  That'll take care of ICMP tunneling, DNS tunnelling is still available of course, maybe someone else has an idea on how to take care of that (without using the traffic shaper - which would work also, in a roundabout way).

          –Bill

          pfSense core developer
          blog - http://www.ucsecurity.com/
          twitter - billmarquette

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy