
Advanced DNS Inspection

The ASA firewalls provide advanced DNS inspection features that protect your network from DNS spoofing and cache-poisoning attacks. In the spring of 2008, Dan Kaminsky discovered one of the greatest vulnerabilities in the history of the Internet, and it had to do with poisoning major DNS servers. Although the details of the attack are fascinating, they are beyond the scope of this Quick Reference. Refer to www.doxpara.com for more information. The ASA provides the following advanced DNS inspection features to combat DNS attacks:

  • Require transaction signatures (TSIG)

  • Notification for excessive mismatched DNS responses

  • DNS ID randomization

  • Mask DNS flags

  • Block DNS types

  • Limit the domains that can be queried

  • Mask the recursion desired (RD) bit

  • Set maximum message-length
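
As an added illustration (not from the book, and not how the ASA implements these features), the following Python model shows three of the checks listed above acting on raw DNS messages: the maximum message length, masking of the RD bit, and notification on excessive mismatched responses. The class name, the thresholds, the client address and the sample packets are assumptions constructed for this example.

```python
import struct
from collections import Counter

QR_BIT = 0x8000          # set on responses, clear on queries
RD_BIT = 0x0100          # recursion desired flag in the header flags word
MAX_LEN = 512            # assumed maximum message length for this sketch
MISMATCH_LIMIT = 3       # assumed threshold before a notification is raised


class DnsInspector:
    """Toy model of three checks from the list; not the ASA's own logic."""

    def __init__(self):
        self.pending = set()          # (client, transaction ID) of open queries
        self.mismatches = Counter()   # per-client count of unmatched responses
        self.alerts = []

    def inspect(self, client, msg):
        """Return the (possibly rewritten) message, or None if it is dropped."""
        if len(msg) < 12 or len(msg) > MAX_LEN:
            return None               # short header or over the maximum length
        txid, flags = struct.unpack("!HH", msg[:4])
        if not flags & QR_BIT:        # query: remember its ID, mask the RD bit
            self.pending.add((client, txid))
            return struct.pack("!HH", txid, flags & ~RD_BIT) + msg[4:]
        if (client, txid) in self.pending:   # response matches an open query
            self.pending.discard((client, txid))
            return msg
        self.mismatches[client] += 1  # response whose ID matches no open query
        if self.mismatches[client] == MISMATCH_LIMIT:
            self.alerts.append(f"excessive mismatched DNS responses for {client}")
        return None


def build(txid, flags, payload=b""):
    """Construct a minimal DNS message: 12-byte header plus optional payload."""
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + payload


def demo():
    """Run constructed traffic through the model and return what happened."""
    insp = DnsInspector()
    query = build(0x1A2B, RD_BIT, b"\x07example\x03com\x00\x00\x01\x00\x01")
    masked = insp.inspect("10.0.0.5", query)
    reply_ok = insp.inspect("10.0.0.5", build(0x1A2B, QR_BIT)) is not None
    forged = [insp.inspect("10.0.0.5", build(i, QR_BIT)) for i in range(3)]
    return masked, reply_ok, forged, insp.alerts
```

The three forged responses carry transaction IDs that match no outstanding query, so each is dropped and the third one raises the notification.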


  
