cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

935
Views
0
Helpful
1
Replies
golly_wog
Beginner

How to drop DNS requests for banned sites?

Hi

I'm looking to create a number of signatures to drop DNS requests for banned sites, the only way I've successfully implemented this is creating a signature (string UDP), to drop any UDP/53 traffic containing the regex string of banned site.

I would like clarification from any experts to verify that this is the only way of acheiving this, I know that there's a Service DNS Engine, but I can't seem to specify the FQDN within this. I'm not sure if I'm missing something?

Many thanks

1 ACCEPTED SOLUTION

Accepted Solutions
rhermes
Rising star

You're on the right track. A custom UDP signature is the only way you'll find the requests you want to drop.

The DNS engine does not allow for custom string matches.

- Bob

View solution in original post

1 REPLY 1
rhermes
Rising star

You're on the right track. A custom UDP signature is the only way you'll find the requests you want to drop.

The DNS engine does not allow for custom string matches.

- Bob

View solution in original post

Content for Community-Ad