RE: [FW1] beginner's question on DNS

To
take this one step further, NEVER check the accept domain name over
TCP, in particular if you host your own DNS servers! That is one of the
easiest ways for an attacker to footprint your network.
Secondly, as the note below explains, take out as many checks in policy
properties as possible and implement them explicitly. I recommend
following Lance's building a firewall rulebase document at www.enteract.com/~lspitz.