> Solving the issue is simple. Block the traffic.

When the traffic is being tunneled out via dest port 443 over SSL to a 
seemingly random list of servers, blocking it is difficult.

We do block all access to DNS servers that are not on-campus, so those people 
who come in with static 8.8.8.8 and 8.8.4.4 and such notice pretty quick that 
nothing works; but that is operating under the assumption that the standard DNS 
ports are being used.

I am looking for a DNS proxy that I can put in place to intercept and reply to 
DNS requests, so if anyone knows of one please feel free to drop me a line.

I know the technology exists; I just haven't gotten around to it yet. My working 
theory is to use a route map on my edge router to relay all the requests to a 
DNS server I control running BIND. But alas, this requires time which I do not 
have at the moment and running tests that can potentially take down our 
production network is frowned upon.  

Jake Sallee
Godfather of Bandwidth
System Engineer
University of Mary Hardin-Baylor
WWW.UMHB.EDU

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221
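
An added example, not part of the original thread: one way to find the clients described above from flow logs, by flagging hosts that open TCP/443 connections to several destinations without ever querying the campus resolvers. The resolver addresses, the record format, the threshold and the sample flows are all constructed assumptions.

```python
from collections import defaultdict

CAMPUS_RESOLVERS = {"10.0.0.53", "10.0.1.53"}  # assumed on-campus resolver IPs

# Constructed flow records: client, destination, protocol, destination port
SAMPLE_FLOWS = """\
10.20.1.15 10.0.0.53 udp 53
10.20.1.15 198.51.100.10 tcp 443
10.20.1.15 203.0.113.7 tcp 443
10.20.1.99 198.51.100.77 tcp 443
10.20.1.99 203.0.113.80 tcp 443
10.20.1.99 192.0.2.44 tcp 443
10.20.1.42 8.8.8.8 udp 53
10.20.1.42 10.0.0.53 udp 53
"""

def parse_flows(text):
    """Yield (client, dst, proto, port); skip blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3].isdigit():
            yield parts[0], parts[1], parts[2].lower(), int(parts[3])

def classify_clients(flows, resolvers=CAMPUS_RESOLVERS, min_tls_dests=3):
    """Label each client by how its DNS and TCP/443 traffic line up."""
    campus_dns, external_dns, tls_dests = defaultdict(int), defaultdict(set), defaultdict(set)
    clients = set()
    for client, dst, proto, port in flows:
        clients.add(client)
        if port == 53 and dst in resolvers:
            campus_dns[client] += 1
        elif port == 53:
            external_dns[client].add(dst)   # would be dropped by the off-campus DNS block
        elif proto == "tcp" and port == 443:
            tls_dests[client].add(dst)
    labels = {}
    for c in sorted(clients):
        if external_dns[c]:
            labels[c] = "external-dns-attempt"   # static 8.8.8.8-style config
        elif campus_dns[c] == 0 and len(tls_dests[c]) >= min_tls_dests:
            labels[c] = "no-campus-dns"          # resolving some other way, e.g. over 443
        else:
            labels[c] = "ok"
    return labels

if __name__ == "__main__":
    for client, label in classify_clients(parse_flows(SAMPLE_FLOWS)).items():
        print(client, label)
```

A "no-campus-dns" label is a lead for follow-up on that machine, not proof: a host working from cached answers or IP literals can look the same over a short window.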

________________________________________
From: Tim DeNike <tim.den...@mcc.edu>
Sent: Wednesday, September 7, 2016 7:32 PM
To: packetfence-users@lists.sourceforge.net
Subject: Re: [PacketFence-users] Windows 10 & Kaspersky

Solving the issue is simple. Block the traffic. The rest will work
itself out.  People need to learn to not do things that break the
Internet.  Using 3rd party DNS servers like that causes decreased
performance of the interwebzz.

Sent from my iPhone

> On Sep 7, 2016, at 6:54 PM, Sallee, Jake <jake.sal...@umhb.edu> wrote:
>
> I didn't see anyone else reply to this so here is what we are seeing.
>
>
> Scenario 1: (less likely)
>
>
> Some AV vendors (Kaspersky being one) are installing a DNS proxy with the AV 
> software and are tunneling all DNS traffic to their own servers.  I did some 
> research a while ago into this and found the traffic was being tunneled out 
> via port 443 but I do not remember who the AV vendor was at the time.
>
>
> We run split horizon DNS so the effects of this DNS proxy are rather serious; 
> not only does it break our onboarding process, but it also denies access to 
> most of our campus resources while the user is actually on campus.
>
>
> Sometimes it is a setting (in some versions of Norton) but other times it is 
> just there and cannot be disabled as far as I can tell (as is the case with 
> Kaspersky).
>
>
> Interestingly enough, stopping the Kaspersky services does not seem to fix 
> the issue and we have to either uninstall the AV or manually register the 
> user.
>
>
> Scenario 2: (more likely)
>
>
> There is an option to disable the built-in Windows DNS Client service when 
> you install Kaspersky. If the user checked that, it can cause DNS issues as 
> well.  You can check the Windows services manager and see if the DNS Client 
> service is stopped and disabled; if it is, that could be your issue.
>
>
> By default it should be set to automatic start and restart on all failures 
> and should be running as "Network Service".
>
>
> Conclusion:
>
>
> It is a pain and we have no way of solving this issue. I am open to ideas 
> though if anyone has them.
>
>
> Also, if anyone has a direct line to the folks at Kaspersky and/or the other 
> vendors who are doing this ... tell them from me they deserve a swift kick in 
> the naughty bits for all the trouble they are causing.
>
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> WWW.UMHB.EDU
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
> ________________________________
> From: Thomas, Gregory A <thom...@uwp.edu>
> Sent: Wednesday, September 7, 2016 1:14 PM
> To: packetfence-users@lists.sourceforge.net
> Subject: [PacketFence-users] Windows 10 & Kaspersky
>
> All,
>
> Is anyone else having problems with Windows 10 and Kaspersky AV?
>
> I am having multiple folks that can connect to the network, but the browser 
> reports: No Connection.
>
> Any clues on what I may need to change on my side or advice to give them to 
> connect.
>
> --
> Gregory A. Thomas
> Student Life Support Specialist
> University of Wisconsin-Parkside
> thom...@uwp.edu
> 262.595.2432
>
>
> ------------------------------------------------------------------------------
> _______________________________________________
> PacketFence-users mailing list
> PacketFence-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/packetfence-users
