This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Domain Name poisoning attacks and Sophos XG Protection

HI,

I have written about DNS security and Sophos XG firewall protection but didn't include Domain Name poisoning attacks in the DNS security because it is nothing to do with DNS traffic. It is extra web protection for Sophos XG users. The Domain name poisoning causing the name server to return an incorrect result record, e.g. an IP address. This results in traffic being diverted to the attacker's computer.

The Sophos Firewall is offering a feature called "Pharming protection". Pharming protection protects users against domain name poisoning attacks by repeating DNS lookups before connecting.

Read Full Blog Post: http://www.routexp.com/2019/04/domain-name-poisoning-attacks-and.html

This thread was automatically locked due to age.

0 rfcat_vk over 6 years ago

Hi Deepak,

this seems to contradict your previous post? If you wish to use the full security features of the XG DNS you need to make all DNS queries are passed through the XG DNS proxy.

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 Deepak Verma over 6 years ago in reply to rfcat_vk

Hi,

I think you didn't read both blog posts. My both posts are showing different issue and solutions. My previous post was for the DNS and its security and this post is showing what if your localhost or local DNS server get a compromise.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 6 years ago in reply to Deepak Verma

I read both and in one you are saying don't use the XG DNS and in the other if you want protection use the XG DNS.

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 Deepak Verma over 6 years ago in reply to rfcat_vk

Hi,

in both examples, I am not using XG as a DNS server. The second blog is showing that If your internal DNS or System Host has been hacked then how XG can protect you using the Pharming Protection option.
Cancel
Vote Up 0 Vote Down

Cancel