I don't understand why DNS forwarder traffic is considered Risk Category 4? I mean how can you use the internet without DNS?
Exactly. Because it is so widely used, it is easily exploitable. The ACC breakdown should list why the app was given a 4.
This document should also help break down how the research team determines risk level:
Take the risk level with a grain of salt. It just gives you an idea for potential threats on the network.
You can also modify the risk level in the PAN OS by clicking on Object > Applications, then clicking on the app, and then selecting "customize" next to the risk number.
Thanks for answering my question. While I appreciate that DNS can be abused, I don't think it warrants a 4. So I will take your advice and adjust the rating to my liking.
I find myself in a similar situation. With the DNS risk set to 4 it skews the overall safety of my network, and also hides other traffic from the Top risks on the Dashboard. I could lower the risk artificially, however will this compromise the appliance's reaction to actual DNS packet attacks? Will the system still examine and respond to actual attempts to exploit the vulnerabilities? Is there another alternative? Do I need to add a more specific definition of a "bad DNS" packet that can be filtered on?
Thanks to all who read and respond
New PA-500 administrator
You can modify the risk level of the DNS app without worry. It will not affect DNS attack detection/protection. It is only used in reporting and in the ACC.