FAQ 39: Prevent the DNS Redirector server from attack
Category: Initial setup
On any network there is the potential for hostile or abusive users.
At the least, you should 'harden the machine' by disabling unnecessary functions such as...
- Client for Microsoft Networks (under NIC properties)
- QoS Packet Scheduler (under NIC properties)
- File and Printer Sharing (under NIC properties)
- SSDP Discovery (Service)
- TCP/IP NetBIOS Helper (Service)
- "Universal Plug and Play Device Host" or "UPnP Device Host" (Service)
- Wireless Zero Configuration (Service); the DNS Redirector server should be hard-wired to the network, not wireless
Place a firewall (preferably hardware based, no NAT) between clients and the DNS Redirector server,
allowing only UDP 53 (for DNS) and TCP 80 (for IIS) inbound to the server, see FAQ 142 and FAQ 37.
Use TCP/IP filtering (in Windows 2000 / 2003) or Windows Firewall.
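The service and firewall steps above can be scripted. This is an added example, not part of the original FAQ or of DNS Redirector itself. It assumes Windows PowerShell on a server that has the `netsh advfirewall` context (Windows Server 2008 or later); the service short names, the rule names and the `-Apply` switch are assumptions chosen for this example. The three NIC bindings are left to the NIC properties dialog.

```powershell
# Added example: audit the services this FAQ lists and, with -Apply,
# disable them and allow only UDP 53 and TCP 80 inbound in Windows Firewall.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

# Short names are assumptions mapped from the display names in the FAQ.
$services = @{
    'SSDPSRV'  = 'SSDP Discovery'
    'lmhosts'  = 'TCP/IP NetBIOS Helper'
    'upnphost' = 'UPnP Device Host'
    'WZCSVC'   = 'Wireless Zero Configuration'
}

foreach ($name in $services.Keys) {
    $svc = Get-WmiObject Win32_Service -Filter "Name='$name'"
    if (-not $svc) {
        # Not every Windows version ships every one of these services.
        Write-Output "$name ($($services[$name])): not installed"
        continue
    }
    Write-Output "$name ($($services[$name])): StartMode=$($svc.StartMode) State=$($svc.State)"
    if ($Apply -and $svc.StartMode -ne 'Disabled') {
        # Stop the service now and keep it from starting at the next boot.
        [void]$svc.StopService()
        $result = $svc.ChangeStartMode('Disabled')
        Write-Output "  -> ChangeStartMode returned $($result.ReturnValue) (0 = success)"
    }
}

if ($Apply) {
    # Default-deny inbound, then open only the two ports the FAQ names.
    netsh advfirewall set allprofiles state on
    netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
    netsh advfirewall firewall add rule name=DNSRedirector-DNS-UDP53 dir=in action=allow protocol=UDP localport=53
    netsh advfirewall firewall add rule name=DNSRedirector-IIS-TCP80 dir=in action=allow protocol=TCP localport=80
}

# Inbound allow rules that already exist still apply under blockinbound,
# so list them and remove any that are not needed on this server.
netsh advfirewall firewall show rule name=all dir=in
```

Run it once without `-Apply` to see the current state, and apply the changes from the console rather than a remote session, since the script does not add a rule for remote administration.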
FAQ 102 Allow DNS Redirector through any firewalls