UDP associated with DNS queries

I'm transferring our iptables rules to PIX 501 firewall access-list rules.

In our iptables rules, we have implemented UDP rules to protect DNS:

$IPTABLES -A udp_chains -p udp -d 158.152.1.13 --dport 53 -m state --state NEW -j ACCEPT

$IPTABLES -A udp_chains -p udp -s 158.152.1.13 --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT

But when I try to implement the same rule on the PIX firewall, I can't find any syntax I can use for specifying state. Is it possible to do this on the PIX?

Also, I noticed the PIX firewall acts as a DNS guard. It seems that the firewall will automatically handle the UDP traffic associated with DNS queries. Does that mean I need not implement the rules I mentioned above at all?

Hello

The Cisco PIX has DNS Guard built in, so no, you won't have to configure your iptables rules.

DNS Guard:

DNS Guard identifies an outgoing DNS query and allows only one DNS response to return to the sender. A host can query multiple servers for an answer in case the first server is slow to respond; however, only the first answer to the specific question is allowed in. All additional responses from other servers are dropped. After the client issues a DNS query, a dynamic translation allows UDP packets to return from the DNS server. The default UDP timer expires in two minutes. DNS is frequently attacked, and leaving a translation open for two minutes creates an unnecessary risk. DNS Guard is enabled by default and cannot be configured or disabled. DNS Guard performs the following actions:

Upon receipt of the DNS response, it automatically tears down the UDP translation on the PIX firewall. It does not wait for the default UDP timer to expire.

Protects against UDP session hijacking and denial of service (DoS) attacks.

The PIX does not support ipchains/iptables rules; you will need to configure ACLs.

Hope this helps; if it does, please rate the post.
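To make the DNS Guard behaviour described in the answer concrete, here is a small model of it in Python. This is an added example written for this page, not Cisco code and not a description of the PIX implementation: it tracks each outbound DNS query by (client address, client port, DNS transaction id), lets exactly one response back in per query, tears the pseudo-translation down as soon as that response arrives, and otherwise falls back to the 120-second UDP idle timer quoted in the answer. The packet trace in run_demo() is constructed; the addresses, ports and transaction ids in it are made up.

```python
"""Model of the 'one response per query, tear down on first answer' rule
that the answer attributes to PIX DNS Guard (constructed example, not Cisco code)."""
from dataclasses import dataclass

UDP_IDLE_TIMEOUT = 120.0  # default UDP timer quoted in the answer, in seconds


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    txid: int          # DNS transaction id (first two bytes of the DNS header)
    is_response: bool  # the DNS QR bit


class DnsGuard:
    def __init__(self, idle_timeout=UDP_IDLE_TIMEOUT):
        self.idle_timeout = idle_timeout
        self.pending = {}   # (client ip, client port, txid) -> time translation was created
        self.events = []    # human-readable audit trail of what happened

    def _expire(self, now):
        # Fallback only: a query that never gets an answer is closed by the idle timer.
        for key, created in list(self.pending.items()):
            if now - created >= self.idle_timeout:
                del self.pending[key]
                self.events.append(f"timeout {key}")

    def handle(self, pkt, now):
        """Return 'ACCEPT' or 'DROP' for one packet seen at time `now` (seconds)."""
        self._expire(now)
        if not pkt.is_response and pkt.dport == 53:
            key = (pkt.src, pkt.sport, pkt.txid)
            self.pending[key] = now          # outbound query: open a translation
            self.events.append(f"open {key}")
            return "ACCEPT"
        if pkt.is_response and pkt.sport == 53:
            key = (pkt.dst, pkt.dport, pkt.txid)
            if key in self.pending:
                del self.pending[key]        # first answer: close immediately, do not wait for the timer
                self.events.append(f"close {key} on first response from {pkt.src}")
                return "ACCEPT"
            # Either a duplicate answer from a second server or an unsolicited packet
            # aimed at a closed translation: both are dropped.
            self.events.append(f"drop unsolicited response from {pkt.src} for {key}")
            return "DROP"
        return "DROP"


def run_demo():
    """Constructed trace: one query sent to two resolvers, two answers come back."""
    guard = DnsGuard()
    client = ("10.0.0.5", 40000)
    query1 = Packet(client[0], client[1], "158.152.1.13", 53, 0x1234, False)
    query2 = Packet(client[0], client[1], "158.152.1.14", 53, 0x1234, False)  # same question, 2nd server
    answer_a = Packet("158.152.1.13", 53, client[0], client[1], 0x1234, True)
    answer_b = Packet("158.152.1.14", 53, client[0], client[1], 0x1234, True)
    verdicts = [
        guard.handle(query1, 0.0),
        guard.handle(query2, 0.01),
        guard.handle(answer_a, 0.05),   # first answer: accepted, translation closed
        guard.handle(answer_b, 0.06),   # second answer to the same question: dropped
        guard.handle(answer_a, 0.07),   # replay after close: dropped
    ]
    return verdicts


if __name__ == "__main__":
    print(run_demo())  # ['ACCEPT', 'ACCEPT', 'ACCEPT', 'DROP', 'DROP']
```

The point of the model is the difference between the two closing paths: without the early tear-down, every query would leave a 120-second window in which any source could push a UDP packet from port 53 back through the translation; with it, the window closes on the first answer.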

Tags: Cisco Security

Similar Questions

  • Problem with DNS SG300 for VLAN

    Hi all

    This week, I tried to implement a new SG300-52 L3 switch for switching and VLANs. The problem is that clients on a VLAN of the switch can't get their DNS resolved. Probably a stupid thing that I can't see, but I think it has a simple solution; this is just not my expertise.

    So my configuration:

    -ISP WAN router: LAN IP 10.0.0.1, DMZ: 10.0.0.2 -> I use this router for ISP support only. But it sucks, that's why we use our own firewall router, port forwarding etc.

    -Nice router: WAN: 10.0.0.2, LAN: 192.168.1.1

    -SG300 L3 switch:

    VLAN 1 (the default) ip 192.168.1.10/24

    IP VLAN 5 (for back-end servers) 10.1.1.1 / 24

    Added static routes:

    0.0.0.0/0.0.0.0 -> 192.168.1.1 (so just send it to the Nice router)

    This works. From VLAN 5 I can ping the switch, the Nice router, the ISP router and Google's IP.

    But I can't ping google by using the host name.

    From the SG300 itself I can. So it has something to do with the SG300 not doing DNS.

    My client on VLAN 5 has IP 10.1.1.5/24, default gateway and DNS pointing to the switch: 10.1.1.1.

    I put an entry in the DNS servers of the SG300: 192.168.1.1 active (pointing to the Nice router). Does not help.

    Work around:

    Leave the client's default gateway pointing at the switch, but set the DNS server to 192.168.1.1 == Nice router.

    Now I can ping google.com. But this isn't what I want. Just a nasty workaround solution.

    Any help appreciated,

    Thank you

    Atam


    I understand that you do not want to use the switch as your primary DNS; however, the switch does not have the DNS features that can handle DNS queries.

    DNS traffic must be addressed to a DNS server or a DNS proxy. The switch is unable to answer DNS queries. Simply by using the switch as your default gateway, you already route traffic from the computer to the switch and then to the router.

    To give an example: if you send telnet traffic to the switch, you would get a telnet connection. If you send DNS traffic to the switch, you will not get a response, because the switch does not know what to do with the request.

    I hope this information helps.

  • How to drop DNS queries for banned sites?

    Hello

    I'm looking to create a number of signatures for DNS queries to banned sites. The only way I've implemented this successfully is to create a custom UDP string signature, so it drops all UDP 53 traffic containing the banned site's regex string.

    I would like clarification from the experts to verify that this is the only way to do this. I know there is a DNS service engine, but I can't specify the COMPLETE domain name in that context. Am I missing something?

    Thank you very much

    You are on the right track. A custom UDP signature is the only way you will catch the requests that you want to drop.

    The DNS engine does not allow custom string matches.

    -Bob
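A detail worth knowing when writing a string signature against UDP 53, as an added example rather than anything from the thread above: on the wire a DNS name is not a dotted string but a sequence of length-prefixed labels, so `www.badsite.example` is sent as `\x03www\x07badsite\x07example\x00` and a regex for the literal `badsite.example` never sees that byte sequence. The Python below decodes the question name from a raw DNS message (including compression pointers, with a hop limit so a looping pointer cannot hang the decoder) and only then applies an anchored blocklist match, so `notbadsite.example` is not caught by a rule meant for `badsite.example`. The blocklist entries and the query builder are constructed for the example; they are not from any Cisco sensor.

```python
"""Decode the DNS question name before matching it against a blocklist
(constructed example; not Cisco IPS signature code)."""
import re
import struct

DNS_HEADER_LEN = 12

# Constructed blocklist: anchored so that only the domain and its subdomains match.
BANNED = [
    re.compile(r"(^|\.)badsite\.example$"),
    re.compile(r"(^|\.)tracker\.example$"),
]


def decode_name(payload, offset=DNS_HEADER_LEN, max_hops=16):
    """Return (lower-cased dotted name, offset just past the name in the original stream).

    Follows RFC 1035 compression pointers but bounds the number of hops, and
    rejects labels longer than 63 bytes or names that run past the message end.
    """
    labels = []
    end_after_name = None   # where the caller's read position continues
    hops = 0
    while True:
        if offset >= len(payload):
            raise ValueError("truncated name")
        length = payload[offset]
        if length == 0:                       # root label terminates the name
            offset += 1
            break
        if length & 0xC0 == 0xC0:             # compression pointer: 11xxxxxx xxxxxxxx
            if offset + 2 > len(payload):
                raise ValueError("truncated pointer")
            if end_after_name is None:
                end_after_name = offset + 2   # the stream continues after the first pointer
            hops += 1
            if hops > max_hops:
                raise ValueError("pointer loop")
            offset = struct.unpack("!H", payload[offset:offset + 2])[0] & 0x3FFF
            continue
        if length > 63:
            raise ValueError("label too long")
        label = payload[offset + 1:offset + 1 + length]
        if len(label) != length:
            raise ValueError("truncated label")
        labels.append(label.decode("ascii", errors="replace").lower())
        offset += 1 + length
    if end_after_name is None:
        end_after_name = offset
    return ".".join(labels), end_after_name


def build_query(name, txid=0x1234):
    """Constructed helper: a minimal standard A query for `name` (no EDNS)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    qname = b"".join(bytes([len(part)]) + part.encode("ascii") for part in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def verdict(payload):
    """'DROP' if the question name is on the blocklist, 'PASS' otherwise (or if malformed)."""
    if len(payload) < DNS_HEADER_LEN:
        return "PASS"
    qdcount = struct.unpack("!H", payload[4:6])[0]
    if qdcount < 1:
        return "PASS"
    try:
        name, _ = decode_name(payload)
    except ValueError:
        return "PASS"   # leave malformed packets to a separate anomaly rule
    return "DROP" if any(pat.search(name) for pat in BANNED) else "PASS"


if __name__ == "__main__":
    pkt = build_query("www.BadSite.example")
    print(decode_name(pkt)[0], verdict(pkt))               # www.badsite.example DROP
    print(b"badsite.example" in pkt)                        # False: dots are not on the wire
    print(verdict(build_query("notbadsite.example")))       # PASS
```

A signature that instead matches the raw wire form (`\x07badsite\x07example`) works but has to be rewritten for every label layout, which is why decoding first and matching on the normalized name is the more maintainable check.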

  • Query to find the Pages and the list of permissions associated with a particular role in PS

    I want a query to find the Pages and the list of permissions associated with specific roles in PS.

    For example, if we look at the Accounts Payable Manager role, it contains pages and permission lists.

    But getting everything into an EXCEL sheet by a manual process is a BIG job. So, can someone give me the query?

    Please try the queries below.

    Roles assigned to a permission list:

    SELECT B.ROLENAME
      FROM PSCLASSDEFN A, PSROLECLASS B
     WHERE A.CLASSID = B.CLASSID
       AND A.CLASSID = :1;

    Pages a permission list can access:

    SELECT B.MENUNAME, B.BARNAME, B.BARITEMNAME, B.PNLITEMNAME, C.PAGEACCESSDESCR, B.DISPLAYONLY
      FROM PSCLASSDEFN A, PSAUTHITEM B, PSPGEACCESSDESC C
     WHERE A.CLASSID = B.CLASSID
       AND A.CLASSID = :1
       AND B.BARITEMNAME > ' '
       AND B.AUTHORIZEDACTIONS = C.AUTHORIZEDACTIONS;

  • Is there a performance issue associated with SPARQL property path?

    Is there a performance issue associated with SPARQL property path?

    When we use property paths in our SPARQL queries, the queries never end. Is this a general problem, or do we have a problem with the Jena adapter version?

    We run Oracle 12c. The Jena adapter is version 12.1.0.1.

    Thank you

    Oyvind

    Neither of these queries ends. We have 300000 triples in the model.

    SELECT subclass, superclass
      FROM TABLE(SEM_MATCH(
        'SELECT ?subclass ?superclass WHERE { ?subclass rdfs:subClassOf+ ?superclass } LIMIT 10',
        SEM_Models('isall1_x'),
        NULL, NULL, NULL, NULL,
        '=T, timeout=100, qid=123, STRICT_DEFAULT=F'));

    SELECT subclass, superclass
      FROM TABLE(SEM_MATCH(
        'SELECT ?subclass ?superclass WHERE { GRAPH ?g { ?subclass rdfs:subClassOf+ ?superclass } } LIMIT 10',
        SEM_Models('isall1_x'),
        NULL, NULL, NULL, NULL,
        '=T, timeout=100, qid=123, STRICT_DEFAULT=F'));

  • Question regarding tablespace TEMP and the O/S file associated with it.

    Hello

    I want to write a simple query that returns the existing tablespaces and the files that are part of each tablespace.

    I tried the script / query:
    col tablespace_name format a15
    col datafile_name   format a35
    col MB              format 999999
    col "CreateSize MB" format 999999
    
    --
    -- following two queries present only to show the problem I'm running into
    --
    
    select ts#
         , name
      from v$tablespace;
    
    select ts#
         , name
      from v$datafile;
    
    --
    -- this ALMOST works
    --
    
    select t.name tablespace_name
         , t.bigfile
         , d.name datafile_name
         , d.bytes/(1024*1024) MB
         , d.create_bytes/(1024 * 1024) "Create Size MB"
      from v$tablespace t
      join v$datafile   d
     using (ts#)
    ;
    The last query fails to display the TEMP tablespace and the files associated with it.

    Question: what tables should I query to get a complete picture (one that is not missing TEMP and its files)?

    Thank you for your help,

    John.

    V$TEMPFILE

    DBA_TEMP_FILES

    These give you the temporary tablespace and its files.

    Regards
    Asif Kabir

  • Unable to parse your feed. Invalid XML: error on line 190: attribute name "disabled" associated with an element type "button" must be followed by the "=" character.

    Hello, I am trying to upload an episode of my podcast to Podcasts Connect and get this error:

    Unable to parse your feed. Invalid XML: error on line 190: attribute name "disabled" associated with an element type "button" must be followed by the "=" character.

    My feed validates: http://beprovidedhealthradio.libsyn.com/RSS

    It worked for my first episode. I don't know why it doesn't work for the second episode. I also use Libsyn, if that helps.

    Your show is already in iTunes.

    https://iTunes.Apple.com/podcast/id1151562400?mt=2&ls=1

    And everything seems fine with it and your feed. You ONLY SUBMIT YOUR FEED ONCE.

    That's it; better to stay out of your Podcasts Connect account, only bad things happen when you go there and play with things. Once again, your show is fine and is in iTunes, and your feed is fine with it.

    Both episodes show when you subscribe, and your most recent episode appears on the iTunes Store page within 24 hours of when you posted it.

    Rob W

    https://iTunes.Apple.com/us/podcast/beprovided-health-radio/id1151562400?mt=2

  • iCloud account associated with an abandoned email account and password

    My iCloud account is associated with an old email address that is no longer valid. I do not know the password, so I can't get access to it for backups, etc. The password that activates my Apple ID doesn't work for the iCloud account, which used a previous Apple ID. How can I regain access to my iCloud account and reset it to associate my newest Apple ID and password?

    Thank you!

    Enter your Apple ID and click Forgot password.

    Apple ID - manage

  • iPhone associated with another Apple ID, not mine!

    I bought a second-hand iPhone from an online retailer (not Apple). When I try to get help with this phone, Apple tells me that the phone is associated with another Apple ID (not mine), so they cannot help me. What should I do?

    There is nothing you can do except return it for a refund.

  • Change the e-mail address associated with my iCloud

    All my stuff is backed up on my iCloud under [email protected], but I need to update it to [email protected] as I'm leaving olddomain.com and will not have access to that email much longer. Is it possible to just change the email to a new Gmail address so it is associated with me rather than my former employer?

    Email address Apple ID

    https://support.Apple.com/en-us/HT201356

  • New version of Thunderbird grabs all Mac Mail addresses instead of only those associated with the Thunderbird account's email. Why?

    The old version only showed contacts associated with the email address used by Thunderbird. The new version captures all THE addresses listed in my Mac Mail address book. It is a huge list if I'm looking for a specific address or person. A real pain! Any way to stop this?

    Problem solved. Just tell Thunderbird not to use that address book. All back to normal now...

  • Some Excel files download but do not show associated with Excel or seem to have no file name extension.

    Some Excel files download but do not show as associated with Excel, or seem to have no file name extension. If I download these files using Internet Explorer, they open properly. I can add the xls or xlsx extension and the file will open properly with Excel. If I select the file, open the 'Open with' dialog box and select Excel, the file does not open at all... nothing happens and Excel does not open. The Excel files in the attached picture are those where I added the Excel file name extension.

    Unfortunately, the way Firefox names the file is more literal and less improvisational than Internet Explorer; you may need to add the .xls or .xlsx extension yourself from time to time.

    If you want to do it at the earliest moment, you can change the immediate download to ask you where to save the file, which also gives you the chance to change the file name. If you want to try it, the setting is described here: Startup, home page, tabs, and download settings.

  • You cannot change the E-mail address associated with Apple ID

    I followed all the instructions to change the e-mail address associated with my Apple ID, including signing out of all THE browsers and devices that had previously been signed in to my Apple accounts (iCloud, iTunes, etc.). I also deleted my Apple ID from my iPhone / iPad. On the Apple ID 'manage' page I select "edit", "Change my e-mail address", and then I type in my new address, select 'continue' and the spinner on screen just keeps turning and gets stuck. I tried to use a new "icloud.com" address, but that did not work. Then I tried to use a new "outlook.com" address, and that did not work; the spinner on the same screen keeps turning but goes nowhere. Very frustrating. Anyone have any idea why this is happening?

    I'm not sure what you are trying to do, but you cannot change the address to an iCloud one, and you are never offered any opportunity to do so.

  • Is there a way to find the IP address associated with a device that is currently using my Apple ID?

    Hi, is it possible to find the IP address associated with a device that is currently using my Apple ID? There is a device currently using my Apple ID, and I would like to know its IP address. When I connect to appleid.com, the device is listed. The device is an iPhone. It is an emergency situation. Thank you.

    Unless it's on your local network, the IP address won't be useful to you in any way. (And no, you can't do that.)

    If this is really an "emergency", inform the authorities.

  • How can I correct "the following protocol (rtsp) is not associated with any program or is not allowed in this context"?

    The address was not included

    Firefox doesn't know how to open this address, because one of the following protocols (rtsp) is not associated with any program or is not allowed in this context.

       You might need to install other software to open this address.

    I'm not a Curmudgeon, so please keep it simple.

    Thank you

    Firefox 32.0.3 has this security update.
    You can check the version in "> about".
