Solved

How to Block Top Level Domain with Sonicwall

Posted on 2015-02-03
17
690 Views
Last Modified: 2015-03-22
What Network Objects and/or Firewall Rules could I use (or would I have to create) to block an entire top level domain with my Sonicwall?  We have no need to communicate with anyone not on a .com, .net, or .org domain and the spammers have been finding ingenious ways to bug the hell out of me from their .us, .in, .info, .biz, etc. domains.  I'd like to block all of these newer top level domains in a relatively easy fashion.  It's extreme yes, but I'm up against the clock.  Thanks in advance!
0
Comment
Question by:Mister Porsche GT3
  • 7
  • 6
  • 2
  • +1
17 Comments
 
LVL 14

Expert Comment

by:John-Charles-Herzberg
Comment Utility
This is how it did it on our Sonicwall NSA E5500

The top level domains can be blocked by adding them to the keywords blocking section. Browse to Security Services>Content Filter and then click configure. Then click on the custom list tab. Under the Keyword Blocking add the top level domain which would be blocked. Examples are .com, .net, .biz, .info, etc. Be sure to include the dot/period
0
 
LVL 14

Expert Comment

by:John-Charles-Herzberg
Comment Utility
Attached is a image of the screen I used.
Screen.jpg
0
 

Author Comment

by:Mister Porsche GT3
Comment Utility
Thanks John, but I neglected to mention that this is incoming traffic.  If I'm not mistaken, CFS is only to limit my employees from going to these sites correct?  I'm basically looking for a solution to block ALL emails coming from any domain EXCEPT .com, .net, and .org.
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
Comment Utility
@Mister Porsche GT3

you are right, CFS applies to web access only which means you can't use this way to filter general IP traffic this way, including email traffic.

unfortunately, the objects in SonicWALL must be IP addresses in numbers, hence domain based filter won't be applicable to SonicWALL objects. therefore your requirement CANNOT be fulfilled by your SonicWALL whatever it is running Standard or Enhanced version.

what you expect can be done by setting up your own DNS server which will be handling all your outgoing DNS requests against all domains. you may simply configure this DNS server to resolve ALL unwanted top domains (actually ANY unwanted domain) itself instead of forwarding the requests to up-level DNS server on the Internet (this is for allowed domains).

simply resolve these unwanted domain to 0.0.0.0 or an unused INTERNAL address, then all traffic to these domains will become nothing, never be accessible. sounds like what you need?

this method applies to all outgoing traffic, including ANY email traffic, so the spam links to the unwanted domains will be NEVER valid again.

does it make sense?
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
Comment Utility
inckming traffic to the sonicwall is only an ip. DNS is for outgoing only. You can make address objects and they work for both in and out, but their star only goes one level deep. So *.biz won't block a.bad.biz

Any chance you are concerned about email, not web access? What are these "spammers" actually hitting on your network to bother you?
0
 

Author Comment

by:Mister Porsche GT3
Comment Utility
Aaron,

Yes, the concern is strictly regarding email traffic.  My employees don't actively seek them out.  Unfortunately, I am a member of a few organizations that blast out your email address "as a favor" to everyone else on their lists once you join their organization.  Once that happens, you get passed around quickly and some of those folks might even have viruses that bombard you.  To make a long story short...we're getting 2000+ emails a day that are complete garbage and seem to have found their way around Sonicwall's paid SPAM washing service.  Most of the emails are from junk domains like .biz, .us, .info, .adv, etc.
0
 

Author Comment

by:Mister Porsche GT3
Comment Utility
bbao,

I'm not worried about my employees following the phishing links to the incoming SPAM.  I just don't want to receive the SPAM at all.  So I'd like to block ALL incoming email except from the three top level domains.  Drastic I know, but I have interest talking to anyone but a few folks who don't have a URL in the top three.  For those few I can add them to a white list.
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
Comment Utility
Alright now we are getting somewhere. What's your email server?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:Mister Porsche GT3
Comment Utility
Exchange 2013 with DAG
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
Comment Utility
yeah, that's super easy to block right in exchange
https://technet.microsoft.com/en-us/library/bb124354%28v=exchg.150%29.aspx
0
 

Author Comment

by:Mister Porsche GT3
Comment Utility
Aaron,

We tried this, but the MAIL FROM header is too easily spoofed.  I tried blocking *.info for example in Exchange and kept getting emails from 5686873493@gmail.com (which is nearly impossible to block of course because they just increment the number and keep sending).  I'd like to figure out a way to block *.info while still performing something similar to a reverse DNS lookup.  I know you can use SPF records, but not everyone uses them and it's an "all or nothing" rule for blocking so even that is not a viable solution.
0
 
LVL 38

Accepted Solution

by:
Aaron Tomosky earned 500 total points
Comment Utility
Hence the existence of services you can pass your mail through. It's a never ending battle, but if you can knock out the majority of things, end users will have less to deal with.
0
 

Author Comment

by:Mister Porsche GT3
Comment Utility
Aaron,

I'll go ahead and give you the credit even though I'm still looking for an answer.  We have the Sonicwall SPAM washing subscription and it is useless.  I won't be renewing it.  Is Barracuda any better?
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
Comment Utility
Never used barracuda, I think they are all beefy appliances, good reputation though. I've worked with a few larger orgs that use them and they seem powerful.

Do you really want to host your own? Have you looked at comodo or one of the other cloud services?
0
 

Author Comment

by:Mister Porsche GT3
Comment Utility
Unfortunately, a full cloud service is not an option.  Let's just say my customer is rather private...  ;-)
0
 
LVL 38

Expert Comment

by:Aaron Tomosky
Comment Utility
Best reason there is to run your own mail server.

As I don't have experience with any of them I won't mention any by name. Search for self hosted exchange spam filter and you will find lots of options
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

We sought a budget ($5,000) firewall solution that would provide all the performance we needed with no single point of failure.  Hosting a SAAS web application in our datacenter, it was critical that we find a way to keep connectivity up and inbound…
Imagine you have a shopping list of items you need to get at the grocery store. You have two options: A. Take one trip to the grocery store and get everything you need for the week, or B. Take multiple trips, buying an item at a time, to achieve t…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now