Chapter 17 Reputation Filter
USG FLEX H Series User’s Guide
280
Log These are the log options:
no: Do not create a log when there is a DNS query packet containing an FQDN with a bad
reputation.
log: Create a log on the Zyxel Device when there is a DNS query packet containing an
FQDN with a bad reputation.
log alert: An alert is an emailed log for more serious events that may need more immediate
attention. Select this to have the Zyxel Device send an alert when there is a DNS query
packet containing an FQDN with a bad reputation.
Redirect IP Select this action to have the Zyxel Device reply with a DNS reply packet containing a
default or custom-defined IP address when a DNS query packet contains an FQDN with a
bad reputation. The default IP is the dnsft.cloud.zyxel.com IP address. If you select custom-
defined IP, then enter a valid IPv4 address in the text box.
Action When
detecting
malform DNS
packets
Set what action the Zyxel Device takes when there is an abnormal DNS query packet. A DNS
packet is defined as malformed when:
• The number of entries in the question count field in the DNS header is 0
• An error occurs when parsing the domain name in the question field
• The length of the domain name exceeds 255 characters.
pass: Select this action to have the Zyxel Device allow the DNS query packet through the
Zyxel Device.
drop: Select this action to have the Zyxel Device discard the abnormal DNS query packet
Select Log to create a log on the Zyxel Device when there is an abnormal DNS query
packet.
Statistics Enable to have the Zyxel Device collect DNS threat filter statistics. All of the statistics are
erased if you restart the Zyxel Device or click Flush Data in Security Statistics > Reputation
Filter > DNS Threat Filter.
Security Threat
Categories
Select the categories of FQDNs that may pose a security threat to network devices behind
the Zyxel Device.
Anonymizers Sites and proxies that act as an intermediary for surfing to other Web sites in an anonymous
fashion, whether to circumvent Web filtering or for other reasons.
Browser Exploits Sites that contain browser exploits. A browser exploit is any content that forces a web
browser to perform operations that you do not explicitly intend.
Malicious
Downloads
Sites that have been identified as containing malicious downloads or malware harmful to a
user's computer.
Malicious Sites Sites that install unwanted software on a user's computer with the intent to enable third-
party monitoring or make system changes without the user's consent.
Phishing Sites that are used for deceptive or fraudulent purposes, such as stealing financial or other
user account information. These sites are most often designed to appear as legitimate sites
in order to mislead users into entering their credentials.
Spam URLs Sites that have been promoted through spam techniques.
Spyware Adware
Keyloggers
Sites that contain spyware, adware or keyloggers.
• Spyware is a program installed on your computer, usually without your explicit
knowledge, that captures and transmits personal information or Internet browsing habits
and details to companies. Companies use this information to analyze browsing habits,
to gather marketing data, and to sell your information to others.
• Key logger programs try to capture and steal your passwords and watch and record
everything you do on your computer.
• Adware programs typically display blinking advertisements or pop-up windows when
you perform a certain action. Adware programs are often installed in exchange for
another service, such as the right to use a program without paying for it.
Test Domain Name Category
Table 140 Security Service > Reputation Filter > DNS Threat Filter
LABEL DESCRIPTION
To Next Page
Loading...
