DNS traffic from DMZ to internal network - Is it vulnerable?
From: Doug Fox (dfox168@hotmail.com)
Date: 11/27/02
- Next message: Andy@nospam.co.uk: "Re: A Royal Name"
- Previous message: Jim Grimmett: "Re: netbios"
- Next in thread: Barry Margolin: "Re: DNS traffic from DMZ to internal network - Is it vulnerable?"
- Reply: Barry Margolin: "Re: DNS traffic from DMZ to internal network - Is it vulnerable?"
- Reply: Manuel Benitez: "Re: DNS traffic from DMZ to internal network - Is it vulnerable?"
- Reply: David: "Re: DNS traffic from DMZ to internal network - Is it vulnerable?"
- Reply: phn@icke-reklam.ipsec.nu: "Re: DNS traffic from DMZ to internal network - Is it vulnerable?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Doug Fox" <dfox168@hotmail.com> Date: Wed, 27 Nov 2002 10:27:23 -0500
A customer has a Check Point FW-1 4.1 SP6 firewall with a DMZ. There is a
requirement for DNS reverse lookup for a server in the DMZ. He wants to
allow DNS (53/udp) traffic from the DMZ to access the internal DNS for
reverse name resolution from the DMZ.
To make this happen, the firewall rule has to allow DNS (53/udp) traffic
from DMZ to the internal network. An opinion against this setup is that it
could allow "intruder" to footprint the internal network?! Is there a way
to mitigate the risk?
Any comments are appreciated.
- Next message: Andy@nospam.co.uk: "Re: A Royal Name"
- Previous message: Jim Grimmett: "Re: netbios"
- Next in thread: Barry Margolin: "Re: DNS traffic from DMZ to internal network - Is it vulnerable?"
- Reply: Barry Margolin: "Re: DNS traffic from DMZ to internal network - Is it vulnerable?"
- Reply: Manuel Benitez: "Re: DNS traffic from DMZ to internal network - Is it vulnerable?"
- Reply: David: "Re: DNS traffic from DMZ to internal network - Is it vulnerable?"
- Reply: phn@icke-reklam.ipsec.nu: "Re: DNS traffic from DMZ to internal network - Is it vulnerable?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
