08-01-2014 12:49 PM
Hello,
Most of the "Dynamic DNS" sites are categorized as Computer and Internet Info (PANDB). On occasion a device will get infected because of a Dynamic DNS redirect to a malicious site. The initial URL connection is through one of the DDNS sites. Because we allow "Computer and Internet Info", the connection is allowed to the final (malicious) destination. Besides hunting down every DDNS service and creating a custom URL block list - are there any solutions to better control these redirects? Thanks!
Cheers,
Mike
08-05-2014 04:59 PM
Assuming the URL is known to be malicious, you could implement DNS Sinkholing:
How to Configure DNS Sinkholing on PAN-OS 6.0
An alternative is to set an action of 'block' on your DNS Signature under your Anti-spyware profile.
I (personally) also like to configure my DNS server to point to OpenDNS servers and add an extra layer of protection (you can get an account with them, they will tie your public IP to the source of the DNS queries and filter those against their database). That means that you will be covered with both PAN-DB and OpenDNS databases for DNS queries.
Hope that helps,
Mariano.
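A log triage sketch for the two controls discussed in this thread, added here as an example and not part of either post: it flags clients that queried a dynamic-DNS zone (matching on label boundaries, so look-alike names are not caught) or that received the sinkhole address as an answer. The three-column log format, the zone names and the sinkhole IP are constructed placeholders, not PAN-OS output.

```python
"""Flag DNS log entries that touch dynamic-DNS zones or resolve to a sinkhole."""
import ipaddress

# Assumptions: placeholder DDNS zones and sinkhole address; substitute your own.
DDNS_ZONES = {"ddns-provider.example", "dyn.example.net"}
SINKHOLE_IP = ipaddress.ip_address("192.0.2.53")

# Constructed sample log: client IP, queried name, answer
SAMPLE_LOG = """\
10.1.1.20 www.example.org 198.51.100.7
10.1.1.31 host42.ddns-provider.example 203.0.113.9
10.1.1.31 notddns-provider.example 198.51.100.8
10.1.1.44 Update.Dyn.Example.NET. 192.0.2.53
10.1.1.50 cdn.example.com 192.0.2.53
"""

def in_ddns_zone(qname, zones=DDNS_ZONES):
    """True if qname is a listed zone or a subdomain of one (label-boundary match)."""
    labels = qname.rstrip(".").lower().split(".")
    return any(".".join(labels[i:]) in zones for i in range(len(labels)))

def triage(log_text):
    """Return {client_ip: set of reasons} for every flagged client."""
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, qname, answer = parts
        reasons = set()
        if in_ddns_zone(qname):
            reasons.add("ddns")
        try:
            if ipaddress.ip_address(answer) == SINKHOLE_IP:
                reasons.add("sinkholed")
        except ValueError:
            pass  # answer field is not an IP address (e.g. NXDOMAIN marker)
        if reasons:
            findings.setdefault(client, set()).update(reasons)
    return findings

if __name__ == "__main__":
    for client, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(client, ",".join(sorted(reasons)))
```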