DNS Risk Catagory 4?

Reply
Not applicable

DNS Risk Catagory 4?

Hello,

I don't understand why DNS forwarder traffic is considered Risk Catagory 4? I mean how can you use the internet without DNS?

Thanks,

Daniel

Tags (2)
Highlighted
L4 Transporter

Re: DNS Risk Catagory 4?

Exactly. Because it is so widely used, it is easily exploitable. The ACC breakdown should list why the app was give a 4.

This document should also help break down how the research team determines risk level:

https://live.paloaltonetworks.com/docs/DOC-1090

Take the risk level with a grain of salt. It just gives you an idea for potential threats on the network.

You can also modify the risk level in the PAN OS by clicking on Object > Applications, then clicking on the the app, and then selecting "customize" next to the risk number.

Highlighted
Not applicable

Re: DNS Risk Catagory 4?

Thanks for answering my question. While I appreciate that DNS can be abused, I don't think it warrents a 4. So I will take your advice and adjust the rating to my liking.

Thanks,

Daniel

Highlighted
Not applicable

Re: DNS Risk Catagory 4?

Hi,

I find myself in a similiar situation.  With the DNS risk set to 4 it skews the overall safety of my network, and also hides other traffic from the Top risks on the Dashboard.  I could lower the risk artificially, however will this compromise the appliances reaction actual DNS packet attacks?  Will the system still exam and respond to actual attempts to exploit the vulnerabilities?  Is there another alternative?  Do I need to add a more specific definition of a "bad DNS" packet that can be filtered on?

Thanks to all who read and respond

Kevin Kutzera

New PA-500 administrator

Seattle, WA.

Highlighted
L4 Transporter

Re: DNS Risk Catagory 4?

Hi Kevin,

You can modify the risk level of the DNS app without worry.  It will not affect DNS attack detection/protection.  It is only used in reporting and in the ACC.

Cheers,

Kelly

Highlighted
L4 Transporter

Re: DNS Risk Catagory 4?

Will the custom risk levels hold through software updates?

Thanks
Bob

Highlighted
Not applicable

Re: DNS Risk Catagory 4?

I think you sent this to the wrong Kevin. I'd be interested in the answer.

Kevin Kutzera

Director, Information Service

Sent from iPad

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!