Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 27 subscribers
  • Views 4270 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Domain Name poisoning attacks and Sophos XG Protection

Deepak Verma

HI,

I have written about DNS security and Sophos XG firewall protection but didn't include Domain Name poisoning attacks in the DNS security because it is nothing to do with DNS traffic. It is extra web protection for Sophos XG users. The Domain name poisoning causing the name server to return an incorrect result record, e.g. an IP address. This results in traffic being diverted to the attacker's computer. 

 

The Sophos Firewall is offering a feature called "Pharming protection". Pharming protection protects users against domain name poisoning attacks by repeating DNS lookups before connecting. 

 

Read Full Blog Post: http://www.routexp.com/2019/04/domain-name-poisoning-attacks-and.html



This thread was automatically locked due to age.
Parents
  • 0

    Hi Deepak,

    this seems to contradict your previous post? If you wish to use the full security features of the XG DNS you need to make all DNS queries are passed through the XG DNS proxy.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi,

    I think you didn't read both blog posts. My both posts are showing different issue and solutions. My previous post was for the DNS and its security and this post is showing what if your localhost or local DNS server get a compromise. 

    Regards,

    Deepak Kumar

    Sophos Architect | NSE 4 | CCNP | CISE 

  • 0 in reply to Deepak Verma

    I read both and in one you are saying don't use the XG DNS and in the other if you want protection use the XG DNS.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hi,

    in both examples, I am not using XG as a DNS server. The second blog is showing that If your internal DNS or System Host has been hacked then how XG can protect you using the Pharming Protection option.

    Regards,

    Deepak Kumar

    Sophos Architect | NSE 4 | CCNP | CISE 

Reply
  • 0 in reply to rfcat_vk

    Hi,

    in both examples, I am not using XG as a DNS server. The second blog is showing that If your internal DNS or System Host has been hacked then how XG can protect you using the Pharming Protection option.

    Regards,

    Deepak Kumar

    Sophos Architect | NSE 4 | CCNP | CISE 

Children
No Data
Cookie Information Banner