DNS Redirector


FAQ 39: Prevent the DNS Redirector server from attack

Category: Initial setup


On any network there is the potential for hostile or abusive users.

Resolution

At a minimum, harden the machine by disabling unnecessary functions such as:
- Client for Microsoft Networks (under NIC properties)
- QoS Packet Scheduler (under NIC properties)
- File and Printer Sharing (under NIC properties)
- SSDP Discovery (Service)
- TCP/IP NetBIOS Helper (Service)
- "Universal Plug and Play Device Host" or "UPnP Device Host" (Service)
- Wireless Zero Configuration (Service); the DNS Redirector server should be hard-wired to the network, not wireless

Place a firewall (preferably hardware-based, no NAT) between clients and the DNS Redirector server, allowing only UDP 53 (for DNS) and TCP 80 (for IIS) inbound to the server. See FAQ 142 and FAQ 37.

Use TCP/IP filtering (in Windows 2000 / 2003) or Windows Firewall.

Implement our CloudProtect script to protect against emerging threats.
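
The service, NIC binding and Windows Firewall steps above can be audited with a script like the following. This is an added example, not part of the DNS Redirector product or its CloudProtect script. It assumes Windows Server 2012 or later with PowerShell 5.1, an elevated prompt, and the rule display names chosen here.

```powershell
# Audit the hardening steps from this FAQ; pass -Apply to also enforce them.
# Assumption: Server 2012+ (NetAdapter / NetSecurity modules), PowerShell 5.1.
param([switch]$Apply)

# Short names of the services listed above. WZCSVC (Wireless Zero
# Configuration) exists on XP/2003; WlanSvc replaced it on later Windows.
$services = 'SSDPSRV', 'lmhosts', 'upnphost', 'WZCSVC', 'WlanSvc'

# Binding IDs: Client for Microsoft Networks, QoS Packet Scheduler,
# File and Printer Sharing.
$bindings = 'ms_msclient', 'ms_pacer', 'ms_server'

foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { continue }   # service not present on this OS version
    $ok = ($svc.StartType -eq 'Disabled') -and ($svc.Status -eq 'Stopped')
    $state = if ($ok) { 'OK' } else { 'NEEDS FIX' }
    '{0,-10} start={1,-9} status={2,-8} {3}' -f $name, $svc.StartType, $svc.Status, $state
    if ($Apply -and -not $ok) {
        Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
        Set-Service -Name $name -StartupType Disabled
    }
}

foreach ($b in Get-NetAdapterBinding -ComponentID $bindings | Where-Object Enabled) {
    'binding {0} is still enabled on "{1}"' -f $b.ComponentID, $b.Name
    if ($Apply) { Disable-NetAdapterBinding -Name $b.Name -ComponentID $b.ComponentID }
}

# Report every enabled inbound allow rule that is not exactly UDP 53 or TCP 80.
# These are only listed, never removed, so a remote session is not cut off.
foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $pf    = $rule | Get-NetFirewallPortFilter
    $ports = @($pf.LocalPort) -join ','
    $wanted = ($pf.Protocol -eq 'UDP' -and $ports -eq '53') -or
              ($pf.Protocol -eq 'TCP' -and $ports -eq '80')
    if (-not $wanted) {
        'extra inbound allow rule: {0} ({1}/{2})' -f $rule.DisplayName, $pf.Protocol, $ports
    }
}

if ($Apply) {
    # Default-deny inbound, then allow only DNS and the IIS block page.
    Set-NetFirewallProfile -All -Enabled True -DefaultInboundAction Block
    New-NetFirewallRule -DisplayName 'DNS Redirector DNS (UDP 53)' `
        -Direction Inbound -Protocol UDP -LocalPort 53 -Action Allow
    New-NetFirewallRule -DisplayName 'DNS Redirector HTTP (TCP 80)' `
        -Direction Inbound -Protocol TCP -LocalPort 80 -Action Allow
}
```

Run it without -Apply first and review the reported extra allow rules by hand, since any rule you still need for management access must stay enabled.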



Related articles
FAQ 102  Allow DNS Redirector through any firewalls

 
DNS Redirector | Legal Information | 2003-2017