This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

DNS Risk Catagory 4?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

DNS Risk Catagory 4?

numberall
Not applicable

‎07-09-2010 09:56 AM

Hello,

I don't understand why DNS forwarder traffic is considered Risk Catagory 4? I mean how can you use the internet without DNS?

Thanks,

Daniel

0 Likes Likes
6 REPLIES 6

mharding
L4 Transporter

‎07-09-2010 12:23 PM

Exactly. Because it is so widely used, it is easily exploitable. The ACC breakdown should list why the app was give a 4.

This document should also help break down how the research team determines risk level:

https://live.paloaltonetworks.com/docs/DOC-1090

Take the risk level with a grain of salt. It just gives you an idea for potential threats on the network.

You can also modify the risk level in the PAN OS by clicking on Object > Applications, then clicking on the the app, and then selecting "customize" next to the risk number.

0 Likes Likes

numberall
Not applicable
In response to mharding

‎07-09-2010 02:04 PM

Thanks for answering my question. While I appreciate that DNS can be abused, I don't think it warrents a 4. So I will take your advice and adjust the rating to my liking.

Thanks,

Daniel

0 Likes Likes

KKUTZERA
Not applicable

‎12-13-2010 03:38 PM

Hi,

I find myself in a similiar situation.  With the DNS risk set to 4 it skews the overall safety of my network, and also hides other traffic from the Top risks on the Dashboard.  I could lower the risk artificially, however will this compromise the appliances reaction actual DNS packet attacks?  Will the system still exam and respond to actual attempts to exploit the vulnerabilities?  Is there another alternative?  Do I need to add a more specific definition of a "bad DNS" packet that can be filtered on?

Thanks to all who read and respond

Kevin Kutzera

New PA-500 administrator

Seattle, WA.

0 Likes Likes

kbrazil
L4 Transporter
In response to KKUTZERA

‎12-15-2010 03:05 PM

Hi Kevin,

You can modify the risk level of the DNS app without worry.  It will not affect DNS attack detection/protection.  It is only used in reporting and in the ACC.

Cheers,

Kelly

0 Likes Likes

BobW
L4 Transporter
In response to kbrazil

‎05-01-2012 02:14 PM

Will the custom risk levels hold through software updates?

Thanks
Bob

0 Likes Likes

KKUTZERA
Not applicable
In response to BobW

‎05-01-2012 05:26 PM

I think you sent this to the wrong Kevin. I'd be interested in the answer.

Kevin Kutzera

Director, Information Service

Sent from iPad

0 Likes Likes
  • 3727 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks