Why does Cisco Umbrella not block (SOA, NS, MX) queries/records?

Hello Everybody,

During my use of Umbrella, which I use to study the traffic of my customers, I was faced with the following information: Cisco does not block (NS, SOA, MX) records/queries, even though the algorithm considers the domains 100% (score) malicious. I just received the following answer:

"It is a decision that our development and engineering teams made on how to best protect clients and still allow functionality while maximizing security. If you would like, I can submit a feature request for them to consider adding the ability to block those types of records if you would like?"

So they went ahead and opened this "Feature Request", but I didn't receive anything I could follow up on. I believe they put it on the roadmap, but I can't guarantee it, since they closed the ticket right away after I said yes to the opening of the "Feature Request". So in the end, who knows if it is true?

So I keep wondering, why not block everything related to a malicious domain? Even though considered 100% malicious, they still have access to the supposed "Infected Machines", which still consult these domains through (NS, MX, SOA).

Here are some examples of phishing sites that are still permitted inside the infrastructure:

gmaol.com
ggmail.com
gmai.com
gmial.com
outlook.om
gmial.com

I have observed hundreds more in this same situation.

Best Regards
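As an added illustration (not part of the original post, and not Cisco Umbrella's own tooling): a small Python check a defender could run over resolver query logs to surface the gap the post describes, i.e. NS/SOA/MX lookups that were still answered for domains already flagged as malicious, and which clients issued them. The log format and the sample lines are constructed; the flagged domains are the ones listed above.

```python
"""Spot NS/SOA/MX lookups that a resolver still answered for flagged domains."""
from collections import defaultdict

# Domains the post lists as scored malicious yet still reachable via these records.
FLAGGED = {"gmaol.com", "ggmail.com", "gmai.com", "gmial.com", "outlook.om"}
UNBLOCKED_TYPES = {"NS", "SOA", "MX"}  # record types the post says are not blocked

# Constructed sample log; hypothetical format: "<time> <client> <qname> <qtype> <action>"
SAMPLE_LOG = """\
2024-01-10T09:00:01 10.0.0.5 gmaol.com A blocked
2024-01-10T09:00:02 10.0.0.5 gmaol.com MX allowed
2024-01-10T09:00:03 10.0.0.7 mail.gmial.com. NS allowed
2024-01-10T09:00:04 10.0.0.8 gmail.com MX allowed
2024-01-10T09:00:05 10.0.0.5 outlook.om SOA allowed
2024-01-10T09:00:06 10.0.0.9 ggmail.com TXT blocked
"""

def registered_domain(qname):
    """Last two labels of a query name, lower-cased (enough for these .com/.om names)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def parse_line(line):
    """Split one log line into a dict; qtype is normalised to upper case."""
    ts, client, qname, qtype, action = line.split()
    return {"ts": ts, "client": client, "qname": qname,
            "qtype": qtype.upper(), "action": action}

def find_gap_queries(log_text):
    """Return the allowed NS/SOA/MX queries whose base domain is on the flagged list."""
    hits = []
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if (rec["action"] == "allowed" and rec["qtype"] in UNBLOCKED_TYPES
                and registered_domain(rec["qname"]) in FLAGGED):
            hits.append(rec)
    return hits

def clients_by_domain(hits):
    """Group querying clients per flagged domain: the hosts still consulting it."""
    groups = defaultdict(set)
    for rec in hits:
        groups[registered_domain(rec["qname"])].add(rec["client"])
    return {domain: sorted(clients) for domain, clients in groups.items()}

if __name__ == "__main__":
    for domain, clients in clients_by_domain(find_gap_queries(SAMPLE_LOG)).items():
        print(f"{domain}: still queried via NS/SOA/MX by {', '.join(clients)}")
```

The grouped output is the list of hosts worth triaging: a client that keeps asking for MX or NS records of a flagged domain is still talking to it even though its A-record lookups are blocked.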

1 REPLY
Nicole3219
Beginner

It seems that I have a similar query; did you get the solution for this?