ZyXEL Communications USG FLEX H Series User Manual page 280

Table 140 Security Service > Reputation Filter > DNS Threat Filter
LABEL DESCRIPTION
Log These are the log options:
no: Do not create a log when there is a DNS query packet containing an FQDN with a bad
reputation.
log: Create a log on the Zyxel Device when there is a DNS query packet containing an
FQDN with a bad reputation.
log alert: An alert is an emailed log for more serious events that may need more immediate
attention. Select this to have the Zyxel Device send an alert when there is a DNS query
packet containing an FQDN with a bad reputation.
Redirect IP Select this action to have the Zyxel Device reply with a DNS reply packet containing a
default or custom-defined IP address when a DNS query packet contains an FQDN with a
bad reputation. The default IP is the
defined IP, then enter a valid IPv4 address in the text box.
Action When Set what action the Zyxel Device takes when there is an abnormal DNS query packet. A DNS
detecting
packet is defined as malformed when:
malform DNS
packets
•
•
•
pass: Select this action to have the Zyxel Device allow the DNS query packet through the
Zyxel Device.
drop: Select this action to have the Zyxel Device discard the abnormal DNS query packet
Select Log to create a log on the Zyxel Device when there is an abnormal DNS query
packet.
Statistics Enable to have the Zyxel Device collect DNS threat filter statistics. All of the statistics are
erased if you restart the Zyxel Device or click Flush Data in Security Statistics > Reputation
Filter > DNS Threat Filter.
Security Threat Select the categories of FQDNs that may pose a security threat to network devices behind
Categories the Zyxel Device.
Anonymizers Sites and proxies that act as an intermediary for surfing to other Web sites in an anonymous
fashion, whether to circumvent Web filtering or for other reasons.
Browser Exploits Sites that contain browser exploits. A browser exploit is any content that forces a web
browser to perform operations that you do not explicitly intend.
Malicious Sites that have been identified as containing malicious downloads or malware harmful to a
Downloads
user's computer.
Malicious Sites Sites that install unwanted software on a user's computer with the intent to enable third-
party monitoring or make system changes without the user's consent.
Phishing Sites that are used for deceptive or fraudulent purposes, such as stealing financial or other
user account information. These sites are most often designed to appear as legitimate sites
in order to mislead users into entering their credentials.
Spam URLs Sites that have been promoted through spam techniques.
Spyware Adware Sites that contain spyware, adware or keyloggers.
Keyloggers
•
•
•
Test Domain Name Category
Chapter 17 Reputation Filter
The number of entries in the question count field in the DNS header is 0
An error occurs when parsing the domain name in the question field
The length of the domain name exceeds 255 characters.
Spyware is a program installed on your computer, usually without your explicit
knowledge, that captures and transmits personal information or Internet browsing habits
and details to companies. Companies use this information to analyze browsing habits,
to gather marketing data, and to sell your information to others.
Key logger programs try to capture and steal your passwords and watch and record
everything you do on your computer.
Adware programs typically display blinking advertisements or pop-up windows when
you perform a certain action. Adware programs are often installed in exchange for
another service, such as the right to use a program without paying for it.
USG FLEX H Series User's Guide
280
dnsft.cloud.zyxel.com IP address. If you select custom-