Palo Alto. Will do it all. Including blocking connections to SSL sites based on content of the flow, i.e. matching certificates in the handshake.
Sent from my iPhone

On Sep 8, 2016, at 12:44 PM, Sallee, Jake <jake.sal...@umhb.edu> wrote:

>> Solving the issue is simple. Block the traffic.
>
> When the traffic is being tunneled out via dest port 443 over SSL to a
> seemingly random list of servers, blocking it is difficult.
>
> We do block all access to DNS servers that are not on-campus, so those people
> who come in with static 8.8.8.8 and 8.8.4.4 and such notice pretty quick that
> nothing works; but that is operating under the assumption that the standard
> DNS ports are being used.
>
> I am looking for a DNS proxy that I can put in place to intercept and reply
> to DNS requests, so if anyone knows of one please feel free to drop me a line.
>
> I know the technology exists; I just haven't gotten around to it yet. My
> working theory is to use a route map on my edge router to relay all the
> requests to a DNS server I control running BIND. But alas, this requires
> time which I do not have at the moment, and running tests that can potentially
> take down our production network is frowned upon.
>
> Jake Sallee
> Godfather of Bandwidth
> System Engineer
> University of Mary Hardin-Baylor
> WWW.UMHB.EDU
>
> 900 College St.
> Belton, Texas
> 76513
>
> Fone: 254-295-4658
> Phax: 254-295-4221
>
> ________________________________________
> From: Tim DeNike <tim.den...@mcc.edu>
> Sent: Wednesday, September 7, 2016 7:32 PM
> To: packetfence-users@lists.sourceforge.net
> Subject: Re: [PacketFence-users] Windows 10 & Kaspersky
>
> Solving the issue is simple. Block the traffic. The rest will work
> itself out. People need to learn to not do things that break the
> Internet. Using 3rd party DNS servers like that causes decreased
> performance of the interwebzz.
>
> Sent from my iPhone
>
>> On Sep 7, 2016, at 6:54 PM, Sallee, Jake <jake.sal...@umhb.edu> wrote:
>>
>> I didn't see anyone else reply to this, so here is what we are seeing.
>>
>> Scenario 1: (less likely)
>>
>> Some AV vendors (Kaspersky being one) are installing a DNS proxy with the AV
>> software and are tunneling all DNS traffic to their own servers. I did some
>> research a while ago into this and found the traffic was being tunneled out
>> via port 443, but I do not remember who the AV vendor was at the time.
>>
>> We run split horizon DNS, so the effects of this DNS proxy are rather
>> serious; not only does it break our onboarding process, but it also denies
>> access to most of our campus resources while the user is actually on campus.
>>
>> Sometimes it is a setting (in some versions of Norton), but other times it is
>> just there and cannot be disabled as far as I can tell (as is the case with
>> Kaspersky).
>>
>> Interestingly enough, stopping the Kaspersky services does not seem to fix
>> the issue and we have to either uninstall the AV or manually register the
>> user.
>>
>> Scenario 2: (more likely)
>>
>> There is an option to disable the built-in Windows DNS Client service when
>> you install Kaspersky. If the user checked that, it can cause DNS issues as
>> well. You can check the Windows services manager and see if the DNS Client
>> service is stopped and disabled; if it is, that could be your issue.
>>
>> By default it should be set to automatic start and restart on all failures,
>> and should be running as "Network Service".
>>
>> Conclusion:
>>
>> It is a pain and we have no way of solving this issue. I am open to ideas,
>> though, if anyone has them.
>>
>> Also, if anyone has a direct line to the folks at Kaspersky and/or the other
>> vendors who are doing this ... tell them from me they deserve a swift kick
>> in the naughty bits for all the trouble they are causing.
>>
>> Jake Sallee
>> Godfather of Bandwidth
>> System Engineer
>> University of Mary Hardin-Baylor
>> WWW.UMHB.EDU
>>
>> 900 College St.
>> Belton, Texas
>> 76513
>>
>> Fone: 254-295-4658
>> Phax: 254-295-4221
>> ________________________________
>> From: Thomas, Gregory A <thom...@uwp.edu>
>> Sent: Wednesday, September 7, 2016 1:14 PM
>> To: packetfence-users@lists.sourceforge.net
>> Subject: [PacketFence-users] Windows 10 & Kaspersky
>>
>> All,
>>
>> Is anyone else having problems with Windows 10 and Kaspersky AV?
>>
>> I am having multiple folks that can connect to the network, but the browser
>> reports: No Connection.
>>
>> Any clues on what I may need to change on my side or advice to give them to
>> connect?
>>
>> --
>> Gregory A. Thomas
>> Student Life Support Specialist
>> University of Wisconsin-Parkside
>> thom...@uwp.edu
>> 262.595.2432
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> PacketFence-users mailing list
>> PacketFence-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/packetfence-users
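The DNS proxy Jake describes above (intercept the query, answer campus names from a zone he controls, relay everything else to BIND), written out as an added example in Python. This is not code from the thread or from PacketFence: the campus names, the 10.0.5.x addresses and the 10.0.0.53 upstream are constructed assumptions, and the router-side route map that policy-routes port-53 traffic to this host is not shown.

```python
"""Split-horizon DNS interceptor (added example; not code from the thread or PacketFence).
Campus names, addresses and the upstream resolver are constructed assumptions;
the wire format follows RFC 1035 section 4.1."""
import socket
import struct

# Constructed split-horizon table: names answered here, everything else forwarded.
LOCAL_ZONE = {
    "portal.campus.example.": "10.0.5.10",
    "files.campus.example.": "10.0.5.11",
}
UPSTREAM = ("10.0.0.53", 53)  # assumed internal BIND resolver
QTYPE_A, QCLASS_IN = 1, 1

def encode_name(name):
    """Encode a dotted name as DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def decode_name(pkt, off):
    """Decode a name at off, following compression pointers.
    Returns (name, offset just past the name in the original stream)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            if not jumped:
                end = off + 2
            jumped, hops = True, hops + 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if jumped else off)

def build_query(name, txid=0x1234, qtype=QTYPE_A):
    """Standard recursive query; used here to construct test input."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)

def parse_query(pkt):
    """Return (txid, qname, qtype, qclass, raw question section)."""
    txid, flags, qd, _, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    if flags & 0x8000 or qd != 1:
        raise ValueError("not a single-question query")
    qname, off = decode_name(pkt, 12)
    qtype, qclass = struct.unpack("!HH", pkt[off:off + 4])
    return txid, qname.lower(), qtype, qclass, pkt[12:off + 4]

def build_answer(txid, question, ip, ttl=60):
    """Authoritative NOERROR A response; the answer NAME points back at the QNAME (offset 12)."""
    header = struct.pack("!HHHHHH", txid, 0x8580, 1, 1, 0, 0)  # QR AA RD RA
    rr = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4) + socket.inet_aton(ip)
    return header + question + rr

def parse_response(pkt):
    """Return (txid, rcode, [A-record IPs]) from a response packet."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", pkt[:12])
    off, ips = 12, []
    for _ in range(qd):
        off = decode_name(pkt, off)[1] + 4
    for _ in range(an):
        off = decode_name(pkt, off)[1]
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            ips.append(socket.inet_ntoa(pkt[off:off + 4]))
        off += rdlen
    return txid, flags & 0x000F, ips

def forward_upstream(pkt, timeout=2.0):
    """Relay the raw query to the assumed BIND resolver and return its reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, UPSTREAM)
        return s.recv(4096)

def handle(pkt, forward=forward_upstream):
    """Split horizon: answer campus A queries locally, forward everything else."""
    txid, qname, qtype, qclass, question = parse_query(pkt)
    if qtype == QTYPE_A and qclass == QCLASS_IN and qname in LOCAL_ZONE:
        return build_answer(txid, question, LOCAL_ZONE[qname])
    return forward(pkt)

def serve(listen=("0.0.0.0", 53)):
    """Bind UDP/53 (needs root) and answer whatever the router redirects here."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(listen)
        while True:
            pkt, peer = s.recvfrom(512)
            try:
                s.sendto(handle(pkt), peer)
            except (ValueError, IndexError, struct.error, socket.timeout):
                pass  # malformed query or no upstream reply: drop it, the client retries

if __name__ == "__main__":
    serve()
```

Run it as root on the host the route map points at; `build_query` plus `handle(pkt, forward=...)` let you exercise the split-horizon logic offline without an upstream. Note that this only catches plain UDP/53 queries: the Kaspersky proxy Jake saw tunneling DNS out over port 443 goes straight past it, which is why the thread ends up at blocking on the SSL handshake instead.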