Thank you for this video. However, this implies hosts are accessing Internet directly. How can we achieve this (tagging compromised hosts and taking actions) when users access Internet through a proxy server ? Could we play with the xff header somehow ?
Connection request (usually after dns resolution is done )from client to malware sites will be blocked .If dns request is blocked then whole purpose of using dns sinkhole at firewall will defeated .it is basically used to know the infected client ip or name so that virus or bot can be removed from infected system by antivirus administrator.
@@DeepakKumar-ov8ko Nope, he's right. You first rule would basically deny all dns requests coming from the internal DNS Server, thus preventing all users from accessing internet.
@@giovalleyk if it blocks the whole dns request from internal server , it will be a kind of outage situation and whole purpose of detecting infected system is defeated.
![The Wall Song ร้องข้ามกำแพง | EP.213 | กรีน อัษฎาพร | 3 ต.ค. 67 [1/5]](http://i.ytimg.com/vi/3KrlLbCsadI/mqdefault.jpg)
Thanks very much for the clear explanation! Can we also create a response page for the user if he hits any malicious website?
Thank you for this video.
However, this implies hosts are accessing Internet directly. How can we achieve this (tagging compromised hosts and taking actions) when users access Internet through a proxy server ? Could we play with the xff header somehow ?
If you block 🚫 internal DNS Isn’t whole network DNS 🚫 and nobody can surf internet?
Connection request (usually after dns resolution is done )from client to malware sites will be blocked .If dns request is blocked then whole purpose of using dns sinkhole at firewall will defeated .it is basically used to know the infected client ip or name so that virus or bot can be removed from infected system by antivirus administrator.
@@DeepakKumar-ov8ko Nope, he's right. You first rule would basically deny all dns requests coming from the internal DNS Server, thus preventing all users from accessing internet.
@@giovalleyk if it blocks the whole dns request from internal server , it will be a kind of outage situation and whole purpose of detecting infected system is defeated.