Check Point Advisories

Resource Records Enforcement

Check Point Reference: CPAI-2004-49
Date Published: 28 Oct 2004
Severity: Critical
Last Updated: 8 May 2014
Source:
Protection Provided by:

Security Gateway
R80, R77, R75, R71, R70

Who is Vulnerable?
Vulnerability Description

Protection Overview

This protection allows you to set the maximum number of allowed Answer, Authority and Additional Resource Records within a reply to a DNS query sent over TCP.

For the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click the Protection tab, and select the version of your choice.

Security Gateway R80 / R77 / R75 / R71 / R70

  1. In the IPS tab, click Protections, find the Resource Records Enforcement protection using the Search tool, and edit the protection's settings.
  2. Install policy on all modules.

This protection's log will contain the following information:

Attack Name:  DNS Enforcement Violation.
Attack Information:

  - Resource Records Enforcement - Excessive number of Resource Records detected in reply.
  - Resource Records Enforcement - Excessive number of Authority Resource Records detected in reply.
  - Resource Records Enforcement - Excessive number of Additional Resource Records detected in reply.
  - Resource Records Enforcement - DNS over TCP reply packet too short.

Users of R55 will receive rule numbers 99653 and 99654 on their SmartView Tracker.

  - Rule 99653 - Excessive number of Resource Records detected in reply.
  - Rule 99654 - DNS over TCP reply packet too short.
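
The kind of check behind these log entries can be sketched as below. This is an added example, not Check Point's implementation: the limit of 20 records per section, the function names and the violation labels are assumptions, and the `count_mismatch` test goes beyond what the advisory describes.

```python
import struct

HEADER_LEN = 12   # ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT (RFC 1035 4.1.1)
MIN_QUESTION = 5  # root name (1) + QTYPE (2) + QCLASS (2)
MIN_RR = 11       # root name (1) + TYPE, CLASS (4) + TTL (4) + RDLENGTH (2)
# Assumed limits for illustration; the real values are set in the protection's settings.
LIMITS = {"answer": 20, "authority": 20, "additional": 20}


def check_tcp_reply(data: bytes, limits=LIMITS) -> list:
    """Return violation labels for one fully reassembled DNS-over-TCP message."""
    # RFC 1035 4.2.2: a 2-byte big-endian length precedes each message on TCP.
    if len(data) < 2 + HEADER_LEN:
        return ["too_short"]
    (msg_len,) = struct.unpack("!H", data[:2])
    if msg_len < HEADER_LEN or len(data) - 2 < msg_len:
        return ["too_short"]
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", data[2:2 + HEADER_LEN])
    if not flags & 0x8000:  # QR bit clear: a query, so the reply limits do not apply
        return []
    found = [name for name, count in
             (("answer", an), ("authority", ns), ("additional", ar))
             if count > limits[name]]
    # Extra sanity check (not from the advisory): the header must not claim
    # more records than the message body could physically contain.
    if HEADER_LEN + qd * MIN_QUESTION + (an + ns + ar) * MIN_RR > msg_len:
        found.append("count_mismatch")
    return found


def build_reply(an: int, ns: int, ar: int, pad: bool = True) -> bytes:
    """Constructed sample: reply header plus minimal NULL-type records."""
    header = struct.pack("!6H", 0x1234, 0x8180, 0, an, ns, ar)
    rr = struct.pack("!BHHIH", 0, 10, 1, 0, 0)  # root name, TYPE NULL, class IN
    body = rr * (an + ns + ar) if pad else b""
    msg = header + body
    return struct.pack("!H", len(msg)) + msg
```

The checker trusts the header counts rather than walking each record, so it assumes the TCP stream has already been reassembled into one complete message.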
