
DNS Lookup

Hi folks,

we have a product which connects to about 91 alternating IP addresses.

The producer of the software published a couple of DNS addresses which belong to these IPs.

Normally it should connect to these DNS addresses, but unfortunately it doesn't.

It's a security software and it should be updated daily.

I want to build a rule for this which queries the IPs to DNS addresses to allow the access.

E.g.:

The software wants to connect to 1.1.1.1, 2.2.2.2, 3.3.3.3 and 4.4.4.4. These IPs belong to www.google.com.

Now I only want to allow the access to google.com and I don't want to maintain a list of allowed IPs which can change, of course.

Is it possible to build a rule in MWG which queries a lookup for google.com and allows the access to the referring IPs?

Greetings.

3 Replies
Former Member
Message 2 of 4

Re: DNS Lookup

Hi Citkorohr,

This is possible in the rules using the "DNS.Lookup" property, and then using the domain you are interested in, however it can cause performance issues if not done right. Does this software run on all devices? Does the software make a request with a special user-agent?

See attached and screenshot below of ruleset that should do the trick (assuming the DNS lookups come back correctly). In your case, add any client IPs or the user-agent into the ruleset criteria, and replace securitysoftware.mwginternal.com within the DNS.Lookup criteria.

Let me know if that helps!

Best Regards,

Jon

Re: DNS Lookup

Hi Jon,

thank you very much for your answer.

The software runs only on one server and we don't want to whitelist its IP nor the user name.

Unfortunately the requests don't even have a user agent. There is just the connection request to about 90 IPs.

I have one additional criterion:

the DNS.Lookup attribute should be applied to a list of URLs.

Best regards.

Former Member
Message 4 of 4

Re: DNS Lookup

Hi Citrkorohr,

If you have multiple URLs, you'll need to create multiple rules -- one for each domain -- just copy and paste the rule.

If the software only runs on one server, then I think it'd be good to include it in the ruleset criteria, especially if you have multiple domains you want to look up. We should only do these lookups if the request is based on IP, so I added the criterion "URL.HostIsIP" as a ruleset criterion and AND'd it with the Client.IP criterion.

If we do not have good criteria or limit the scope of these rules it will very likely cause performance issues for other users. At a bare minimum we should use the URL.HostIsIP criteria.

The resulting ruleset would look like this:

Best Regards,

Jon
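The rule logic Jon describes (scope the ruleset to the one client IP and to IP-literal hosts with URL.HostIsIP, then one DNS.Lookup rule per allowed domain that allows the request when the requested IP is among the domain's answers) can be modelled in plain Python. The block below is an added illustration written for this thread, not MWG's rule engine or anything from the original posts; the domain names, the client address 192.0.2.50 and the DNS answers are constructed sample data in documentation address ranges, and a table-backed resolver stands in for DNS.Lookup so the example runs offline. The `lookups` counter makes the performance point visible: lookups only happen for requests that pass the ruleset criteria.

```python
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Set

Resolver = Callable[[str], Set[str]]


def host_is_ip(host: str) -> bool:
    """Model of the URL.HostIsIP criterion: True only for a literal IPv4/IPv6 host."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def system_resolver(domain: str) -> Set[str]:
    """Live resolver (not used by the offline demo): every A/AAAA answer for domain."""
    return {info[4][0] for info in socket.getaddrinfo(domain, None)}


def make_table_resolver(table: Dict[str, List[str]]) -> Resolver:
    """Constructed stand-in for DNS.Lookup so the example needs no network."""
    def resolve(domain: str) -> Set[str]:
        return set(table.get(domain, []))
    return resolve


class IpAllowPolicy:
    """One ruleset: Client.IP in list AND URL.HostIsIP; inside it, one rule per domain."""

    def __init__(self, allowed_clients: Iterable[str], allowed_domains: Iterable[str],
                 resolver: Resolver) -> None:
        self.allowed_clients = {ipaddress.ip_address(c) for c in allowed_clients}
        self.allowed_domains = list(allowed_domains)
        self.resolver = resolver
        self.lookups = 0  # number of DNS lookups actually performed

    def evaluate(self, client_ip: str, host: str) -> dict:
        # Ruleset criteria: cheap checks first, so no lookup runs for other users
        # or for ordinary hostname requests.
        if ipaddress.ip_address(client_ip) not in self.allowed_clients:
            return {"action": "continue", "reason": "client not in scope"}
        if not host_is_ip(host):
            return {"action": "continue", "reason": "host is not an IP literal"}
        target = ipaddress.ip_address(host)
        # One DNS.Lookup rule per allowed domain, evaluated top to bottom.
        for domain in self.allowed_domains:
            self.lookups += 1
            answers = {ipaddress.ip_address(a) for a in self.resolver(domain)}
            if target in answers:
                return {"action": "allow", "reason": f"{host} resolved from {domain}"}
        return {"action": "continue", "reason": "no allowed domain resolves to host"}


# Constructed sample data (hypothetical vendor update hosts, documentation ranges).
SAMPLE_DNS = {
    "update1.securityvendor.example": ["203.0.113.10", "203.0.113.11"],
    "update2.securityvendor.example": ["198.51.100.5"],
}
ALLOWED_DOMAINS = list(SAMPLE_DNS)
SERVER_IP = "192.0.2.50"  # the single server the software runs on


def build_demo_policy() -> IpAllowPolicy:
    """Fresh policy over the sample data; a new instance resets the lookup counter."""
    return IpAllowPolicy([SERVER_IP], ALLOWED_DOMAINS, make_table_resolver(SAMPLE_DNS))


if __name__ == "__main__":
    policy = build_demo_policy()
    for client, host in [(SERVER_IP, "203.0.113.11"), (SERVER_IP, "198.51.100.5"),
                         (SERVER_IP, "203.0.113.99"), (SERVER_IP, "www.example.com"),
                         ("192.0.2.99", "203.0.113.11")]:
        print(client, host, policy.evaluate(client, host), "lookups so far:", policy.lookups)
```

The ordering of the checks is the whole point of Jon's advice: a request from any other client, or any request to a normal hostname, returns before a single lookup is made. Jon's caveat "assuming the DNS lookups come back correctly" still applies: if the vendor uses round-robin or CDN records, the proxy's answers may not contain the address the client chose, so a request can be missed even though it is legitimate.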
