Malware DNS Trap

What can I do here?

Use this window to set the IP address for the Malware DNS trap.

Configuring a Malware DNS Trap

The Malware DNS trap works by configuring the Security Gateway to return a false (bogus) IP address for known malicious hosts and domains. You can use the Security Gateways external IP address as the DNS trap address but:

• Do not use a gateway address that leads to the internal network
• Do not use the gateway internal management address
• If the gateway external IP address is also the management address, select a different address for the DNS trap.

You can also add internal DNS servers to better identify the origin of malicious DNS requests.

Using the Malware DNS Trap you can detect compromised clients by checking logs with connection attempts to the false IP address.

At the Security Gateway level, you can configure the DNS Trap according to the profile settings or as a specific IP address for all profiles on the specific gateway.

To set the Malware DNS Trap parameters for the profile:

1. In SmartConsole, select Security Policies > Threat Prevention.
2. From the Threat Tools section, click Profiles.

   The Profiles page opens.

3. Right-click the profile, and click Edit.
4. From the navigation tree, click Malware DNS Trap.
5. Click Activate DNS Trap.
6. Enter the IP address for the DNS trap.
7. Optional: Add Internal DNS Servers to identify the origin of malicious DNS requests.
8. Click OK and close the Threat Prevention profile window.
9. Install the Threat Prevention policy.

To set the Malware DNS Trap parameters for a gateway:

1. In SmartConsole, click Gateways & Servers and double-click the Security Gateway.

   The gateway window opens and shows the General Properties page.

2. From the navigation tree, select Anti-Bot and Anti-Virus.
3. In the Malicious DNS Trap section, select one of these options:
   • According to profile settings - Use the Malware DNS Trap IP address configured for each profile.
   • IPv4 - Enter an IP address to be used in all the profiles assigned to this Security Gateway.
4. Click OK.
5. Install the policy.