topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Saturday December 14, 2024, 10:13 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

« previous next »
Pages: [1] • bottom

Author Topic: DNS logger & firewall for Win32  (Read 7765 times)

electronixtar

  • Member
  • Joined in 2007
  • **
  • Posts: 141
    • View Profile
    • Donate to Member
DNS logger & firewall for Win32
« on: November 14, 2009, 07:02 AM »
Hi all

I have a nasty ISP that tampers the UDP port 53 traffic all the time, but it does not accurs often. I need to gather some evidence and see if there's pattern. So I need a DNS firewall and a logger.

Are there any software that loggs every Windows gethostbyname() queries, and blocks incorrect answers with a rule?

thorazine74

  • Participant
  • Joined in 2008
  • *
  • default avatar
  • Posts: 11
    • View Profile
    • Donate to Member
Re: DNS logger & firewall for Win32
« Reply #1 on: November 20, 2009, 05:25 AM »
Dont know about blocking incorrect answers, but if you use Acrylic DNS Proxy you can see some sort of log of all dns queries, but they will be made by Acrylic, not Windows.

electronixtar

  • Member
  • Joined in 2007
  • **
  • Posts: 141
    • View Profile
    • Donate to Member
Re: DNS logger & firewall for Win32
« Reply #2 on: November 23, 2009, 09:01 AM »
Dont know about blocking incorrect answers, but if you use Acrylic DNS Proxy you can see some sort of log of all dns queries, but they will be made by Acrylic, not Windows.
-thorazine74 (November 20, 2009, 05:25 AM)

quite awesome software, defintely gonna try it out. Thank you!

electronixtar

  • Member
  • Joined in 2007
  • **
  • Posts: 141
    • View Profile
    • Donate to Member
Re: DNS logger & firewall for Win32
« Reply #3 on: November 24, 2009, 12:57 PM »
OK, I need a blacklist patch for Acrylic DNS Proxy, can DC help me out?

4wd

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 5,644
    • View Profile
    • Donate to Member
Re: DNS logger & firewall for Win32
« Reply #4 on: November 24, 2009, 04:42 PM »
With your ISP screwing around with the DNS queries wouldn't it be better to run your own DNS server?

eg. Treewalk

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: DNS logger & firewall for Win32
« Reply #5 on: November 24, 2009, 06:50 PM »
If they're tampering with the actual traffic on port 53, as opposed to just records from their own DNS servers (the impression I got), then you could probably prove it by using DNSSEC (will only work for certain TLDs though, .org is probably easiest).

Ehtyar.

electronixtar

  • Member
  • Joined in 2007
  • **
  • Posts: 141
    • View Profile
    • Donate to Member
Re: DNS logger & firewall for Win32
« Reply #6 on: November 25, 2009, 07:04 AM »
With your ISP screwing around with the DNS queries wouldn't it be better to run your own DNS server?

eg. Treewalk
-4wd (November 24, 2009, 04:42 PM)

It's slow and costs too much memory if you run long enough. Not worth it.
If they're tampering with the actual traffic on port 53, as opposed to just records from their own DNS servers (the impression I got), then you could probably prove it by using DNSSEC (will only work for certain TLDs though, .org is probably easiest).

Ehtyar.
-Ehtyar (November 24, 2009, 06:50 PM)

DNSSec is cool, but not all of TLD have it.

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Re: DNS logger & firewall for Win32
« Reply #7 on: November 25, 2009, 03:50 PM »
But purely in order to prove your DNS is being tampered with, it's the perfect solution. BIND is very reasonable with memory, despite what others may say about it...

Ehtyar.
Pages: [1] • top
« previous next »