FW_H_EnableDNSAttack

To enable intrusion detection of DNS attacks

  1. In the console tree of ISA Server Management, click General.

  2. In the details pane, click Enable Intrusion Detection and DNS Attack Detection.

  3. On the DNS Attacks tab, click Enable detection and filtering of DNS attacks.

  4. Select one or more of the following:

    • DNS host name overflow. Select this option to have ISA Server check for DNS host name overflow intrusion attempts. The DNS intrusion detection filter intercepts and analyzes DNS traffic destined for the Internal network. A DNS host name overflow intrusion occurs when a DNS response for a host name exceeds a certain fixed length.
    • DNS length overflow. Select this option to have ISA Server check for DNS length overflow intrusion attempts. A DNS length overflow intrusion occurs when a DNS response for IP addresses exceeds a specified length of 4 bytes.
    • DNS zone transfer. Select this option to have ISA Server check for DNS zone transfer intrusion attempts. A DNS zone transfer intrusion occurs when a client system uses a DNS client application to transfer zones from an internal DNS server.

Note

To open ISA Server Management, click Start, point to All Programs, point to Microsoft ISA Server, and then click ISA Server Management.
For ISA Server 2006 Enterprise Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Arrays, expand Array_Name, expand Configuration and then click General.
For ISA Server 2006 Standard Edition, expand Microsoft Internet Security and Acceleration Server 2006, expand Server_Name, expand Configuration and then click General.
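
The three checks in step 4 can be expressed as tests on a parsed DNS message. The following Python is an added example, not ISA Server's filter code. Assumptions: a 255-byte name limit (RFC 1035) stands in for the unstated "certain fixed length", "length overflow" is read as an A record whose RDLENGTH exceeds 4, AXFR/IXFR queries count as zone transfers, and the names inspect, read_name, qname and AXFR_QUERY are illustrative.

```python
import struct

MAX_NAME = 255               # assumption: RFC 1035 limit; the page gives no value
A, IXFR, AXFR = 1, 251, 252  # DNS type codes

def read_name(msg, off):
    """Return (wire length of the name, offset after it), following compression pointers."""
    length, end, hops = 0, None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # compression pointer
            end = off + 2 if end is None else end
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            if hops > 16:                          # pointer loop
                raise ValueError("compression loop")
        elif n == 0:                               # root label ends the name
            return length + 1, (off + 1 if end is None else end)
        else:
            length += n + 1
            off += n + 1

def inspect(msg):
    """Return sorted findings for one DNS message (no TCP length prefix)."""
    findings = set()
    try:
        _id, flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
        off, is_reply = 12, bool(flags & 0x8000)
        for i in range(qd + an + ns + ar):
            nlen, off = read_name(msg, off)
            if is_reply and nlen > MAX_NAME:
                findings.add("hostname-overflow")
            rtype, _cls = struct.unpack_from("!2H", msg, off)
            off += 4
            if i < qd and not is_reply and rtype in (AXFR, IXFR):
                findings.add("zone-transfer")
            if i >= qd:                            # resource record: TTL, RDLENGTH, RDATA
                _ttl, rdlen = struct.unpack_from("!IH", msg, off)
                off += 6 + rdlen
                if is_reply and rtype == A and rdlen > 4:
                    findings.add("length-overflow")
    except (IndexError, struct.error, ValueError):
        findings.add("malformed")
    return sorted(findings)

def qname(host):  # helper for building constructed samples
    return b"".join(bytes([len(p)]) + p.encode() for p in host.split(".")) + b"\0"

# Constructed sample (not captured traffic): a zone transfer query for a placeholder zone
AXFR_QUERY = struct.pack("!6H", 1, 0, 1, 0, 0, 0) + qname("corp.example") + struct.pack("!2H", AXFR, 1)
```

Truncated messages and compression-pointer loops are reported as "malformed" rather than raising, so the function can be run over untrusted input.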

Other Resources

ISALink_IntrusionDetection