
FSDFWD sends DNS query

Millet
Millet Posts: 2 Security Scout

Why does FSDFWD send DNS queries frequently?

First, we added a blacklist of malicious domains in an F-Secure firewall rule. We then found that FSDFWD made the DNS Client Service (Windows 7) send DNS queries (for the malicious domain we added) frequently. Is this normal? What should we adjust to improve it?

 

BTW, our environment is Windows 7 SP1 with F-Secure client premium 12.20.

Comments

  • Laksh
    Laksh Posts: 237 Cybercrime Crusader

    Hi Millet,

     

    This needs further investigation. Please get in touch with our Support team with the fsdiag so that they can troubleshoot further.

     

  • Millet
    Millet Posts: 2 Security Scout

    @MJ-perComp wrote:

    Hi,

    What remote address did you enter to be blocked?
    An IP or a DNS-name?

     

    In the depth of the implementation, a firewall can only block traffic based on IPs and ports. So if you want to block "malware.com", the firewall needs to know which IPs (there can be several) hide behind malware.com.

     

    There is nothing bad in the DNS request itself, esp. if your DNS server is in-house.

     



    What we added is the domain name ("malware.com"). Thank you for your explanation, we're going to adjust it.

     

    Is it possible for the F-Secure server (in-house) to send those DNS queries instead of every client doing it?

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master
    The better idea is to configure the company firewall to block. The local firewall on a Windows system is to protect that system from intruders either from the internet or from an already compromised other host. Also blacklisting one URL is pretty useless while thousands of other malicious sites are still up.
    Without further knowledge of your local network, or of what you really want to protect your users from, it is difficult to give proper advice. Maybe you could try F-Secure Internet Gatekeeper to block such sites.

    No, the local firewall must be independent from any external resource. There is no way to avoid local DNS resolution as long as any software requests to resolve that URL.

    But as I wrote without detailed knowledge....
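
A small Python model of the point made in this thread, added here as an example (it is not F-Secure's code and not part of the original posts): a rule that names a host has to be resolved before it can be matched against packets, so every re-expansion of the rule set costs a DNS lookup, while IP-literal rules cost none. The refresh loop, the `CountingResolver` class and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: documentation-range addresses, not real hosts.
SAMPLE_ZONE = {"malware.com": ["192.0.2.10", "198.51.100.7"]}

class CountingResolver:
    """Hypothetical stand-in for the OS DNS client; records every lookup."""
    def __init__(self, zone):
        self.zone = zone
        self.queries = []

    def resolve(self, name):
        self.queries.append(name)
        return list(self.zone.get(name, []))

def is_ip_literal(remote):
    """True if the rule's remote field is an address or CIDR block, not a name."""
    try:
        ipaddress.ip_network(remote, strict=False)
        return True
    except ValueError:
        return False

def expand_rules(rules, resolver):
    """Turn (action, remote) rules into (action, network) pairs a packet filter can match."""
    expanded = []
    for action, remote in rules:
        if is_ip_literal(remote):
            expanded.append((action, ipaddress.ip_network(remote, strict=False)))
        else:
            # A name cannot be matched on the wire: resolve it first.
            # One name may map to several addresses.
            for addr in resolver.resolve(remote.lower().rstrip(".")):
                expanded.append((action, ipaddress.ip_network(addr)))
    return expanded

def queries_after_refreshes(rules, zone, refreshes):
    """Count DNS lookups caused by re-expanding the rule set `refreshes` times."""
    resolver = CountingResolver(zone)
    for _ in range(refreshes):
        expand_rules(rules, resolver)
    return len(resolver.queries)

def blocked(expanded, dst):
    """True if destination address `dst` falls inside any expanded block rule."""
    addr = ipaddress.ip_address(dst)
    return any(action == "block" and addr in net for action, net in expanded)
```
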
This discussion has been closed.
