1 Reply Latest reply on Jan 3, 2017 8:33 AM by Kary Tankink

    Blocking Port 53 Traffic with HIPS Firewall

    d_j

      I added a rule called Block Google DNS, specified the Remote IP (8.8.8.8) and UDP port 53. I also move it to the top of my chain as shown below.

      Picture2.png

       

      Once the rule is applied at the workstation, It shown at the top of the custom rules but below the McAfee default  rules. The problem is there is a default rule called McAfee - Allow DNS Resolution which, when I browse to the Internet with DNS of 8.8.8.8, is allow through because that rule allows it and my rule is never used (see below).

      Picture1.png

       

      I search the webs for answers to no avail. Does anybody know something I don't?

       

      Lastly, I understand I can block the domain however, I am looking to block potential DNS tunneling using the port. I also understand that DNS traffic can be routed over different ports as well. I am trying to trigger as much as I can at the host level before it gets to the net. engineer's side.

       

      Thanks in advance.