DNS Risk Category 4?



Hello,

I don't understand why DNS forwarder traffic is considered Risk Category 4? I mean how can you use the internet without DNS?

Thanks,

Daniel


Exactly. Because it is so widely used, it is easily exploitable. The ACC breakdown should list why the app was given a 4.

This document should also help break down how the research team determines risk level:

https://live.paloaltonetworks.com/docs/DOC-1090

Take the risk level with a grain of salt. It just gives you an idea for potential threats on the network.

You can also modify the risk level in the PAN OS by clicking on Object > Applications, then clicking on the app, and then selecting "customize" next to the risk number.

Thanks for answering my question. While I appreciate that DNS can be abused, I don't think it warrants a 4. So I will take your advice and adjust the rating to my liking.

Thanks,

Daniel


Hi,

I find myself in a similar situation. With the DNS risk set to 4, it skews the overall safety of my network, and also hides other traffic from the Top risks on the Dashboard. I could lower the risk artificially; however, will this compromise the appliance's reaction to actual DNS packet attacks? Will the system still examine and respond to actual attempts to exploit the vulnerabilities? Is there another alternative? Do I need to add a more specific definition of a "bad DNS" packet that can be filtered on?

Thanks to all who read and respond

Kevin Kutzera

New PA-500 administrator

Seattle, WA.

Hi Kevin,

You can modify the risk level of the DNS app without worry.  It will not affect DNS attack detection/protection.  It is only used in reporting and in the ACC.

Cheers,

Kelly

Will the custom risk levels hold through software updates?

Thanks
Bob

I think you sent this to the wrong Kevin. I'd be interested in the answer.

Kevin Kutzera

Director, Information Service

Sent from iPad
