4. How to stop DNS & ICMP Tunneling exploit

How to stop DNS & ICMP Tunneling exploit

  • P

    I desire to prevent, or nominalize, exploit Tunneling over DNS or ICMP.
    http://thomer.com/howtos/nstx.html
    http://thomer.com/icmptx/
    My wireless traffic travels through a pfSense imbedded unit then
    on through third party captive portal hotspot software
    (we couldn't use pfSense CP due to missing critical features).
    I hope for a solution that doesn't interfere with normal operation.
    Thanks, -pc

    0
  • P

    Would bandwidth limiting DNS & ICMP per host to a small level that still works well under normal circumstances be a good way to solve this?

    0
  • B

    @pcatiprodotnet:

    Would bandwidth limiting DNS & ICMP per host to a small level that still works well under normal circumstances be a good way to solve this?

    You could just block icmp and block DNS to everything except your DNS server.  That'll take care of ICMP tunneling, DNS tunnelling is still available of course, maybe someone else has an idea on how to take care of that (without using the traffic shaper - which would work also, in a roundabout way).

    –Bill

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy