Re: DNS traffic from DMZ to internal network - Is it vulnerable?
From: Barry Margolin (barmar@genuity.net)
Date: 11/27/02
From: Barry Margolin <barmar@genuity.net> Date: Wed, 27 Nov 2002 16:32:33 GMT
In article <3de4e8a2_1@news1.prserv.net>, Doug Fox <dfox168@hotmail.com> wrote:
>A customer has a Check Point FW-1 4.1 SP6 firewall with a DMZ. There is a
>requirement for DNS reverse lookup for a server in the DMZ. He wants to
>allow DNS (53/udp) traffic from the DMZ to access the internal DNS for
>reverse name resolution from the DMZ.
>
>To make this happen, the firewall rule has to allow DNS (53/udp) traffic
>from DMZ to the internal network. An opinion against this setup is that it
>could allow "intruder" to footprint the internal network?! Is there a way
>to mitigate the risk?
Limit the access to just that one DMZ server, not the entire DMZ subnet.
--
Barry Margolin, barmar@genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
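
The scoping advice in the reply above, as an added example that is not part of the original post: a small audit over an exported rule list that flags any accepted 53/udp rule from the DMZ toward the internal network whose source is wider than a single host. It goes one step beyond the reply by also flagging a destination wider than a single DNS server. The rule format, field names and all addresses are constructed assumptions, not Check Point syntax.

```python
import ipaddress

# Constructed sample rule base; addresses are placeholders, not from the thread.
RULES = [
    {"id": 1, "src": "192.0.2.0/24", "dst": "10.0.0.53/32",
     "proto": "udp", "dport": 53, "action": "accept"},   # whole DMZ subnet
    {"id": 2, "src": "192.0.2.25/32", "dst": "10.0.0.53/32",
     "proto": "udp", "dport": 53, "action": "accept"},   # one host to one server
    {"id": 3, "src": "192.0.2.25/32", "dst": "10.0.0.0/8",
     "proto": "udp", "dport": 53, "action": "accept"},   # whole internal range
    {"id": 4, "src": "192.0.2.0/24", "dst": "10.0.0.80/32",
     "proto": "tcp", "dport": 443, "action": "accept"},  # not DNS, ignored
]

DMZ = ipaddress.ip_network("192.0.2.0/24")       # assumed DMZ range
INTERNAL = ipaddress.ip_network("10.0.0.0/8")    # assumed internal range


def audit_dns_rules(rules, dmz, internal):
    """Return (rule id, finding) pairs for DMZ-to-internal 53/udp accept rules
    that are not limited to a single source host and a single DNS server."""
    findings = []
    for rule in rules:
        if (rule["action"], rule["proto"], rule["dport"]) != ("accept", "udp", 53):
            continue
        src = ipaddress.ip_network(rule["src"])
        dst = ipaddress.ip_network(rule["dst"])
        # Only rules that cross from the DMZ into the internal network matter here.
        if not (src.overlaps(dmz) and dst.overlaps(internal)):
            continue
        if src.num_addresses > 1:
            findings.append((rule["id"], "source is wider than one DMZ host"))
        if dst.num_addresses > 1:
            findings.append((rule["id"], "destination is wider than one DNS server"))
    return findings


if __name__ == "__main__":
    for rule_id, finding in audit_dns_rules(RULES, DMZ, INTERNAL):
        print(f"rule {rule_id}: {finding}")
```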