Question & Answer
Question
Will the QRadar Network Security (XGS) appliance have an impact on, automatically drop, or block EDNS traffic?
Answer
IBM Security products do not have any compatibility issues with EDNS traffic. Our Intrusion Prevention agents, IBM Security Network Intrusion Prevention (GX) and QRadar Network Security (XGS), will not block EDNS traffic unless that traffic is abnormal and triggers one of these existing DNS-based signatures, and these signatures have a block response applied:
==========
DNS_Opt_Size_Mismatch (2115369)
DNS_Bind_OPT_DoS (2115003)
DNS_Bind_EDNS_Option_DoS (2104225)
DNS_Bind_Opt_ECS_DoS (2104294)
==========
We do not currently have any EDNS 'specific' signatures or tuning parameters.
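To check whether your own EDNS traffic is structurally normal before attributing a drop to the appliance, the following added example validates the OPT pseudo-record against RFC 6891. It is not IBM code and does not reproduce the detection logic of the signatures listed above; the function names and the sample query are constructed for illustration.

```python
import struct

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:        # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length
        if length == 0:                  # root label terminates the name
            return off

def check_edns(msg):
    """Return a list of structural problems with EDNS OPT records (empty = none found)."""
    problems, opt_count = [], 0
    try:
        qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
        off = 12
        for _ in range(qd):
            off = skip_name(msg, off) + 4            # skip QTYPE and QCLASS
        for _ in range(an + ns + ar):
            off = skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            rdata_end = off + rdlen
            if rdata_end > len(msg):
                return problems + ["RDLENGTH runs past end of message"]
            if rtype == 41:                          # OPT pseudo-record
                opt_count += 1
                p = off
                while p + 4 <= rdata_end:            # walk {code, length, data} options
                    _code, olen = struct.unpack_from("!HH", msg, p)
                    p += 4 + olen
                if p != rdata_end:
                    problems.append("option lengths do not add up to RDLENGTH")
            off = rdata_end
        if opt_count > 1:
            problems.append("more than one OPT record")
    except (struct.error, IndexError):
        problems.append("message truncated")
    return problems

def sample_query(claimed_opt_len):
    """Constructed sample: query for example.com carrying one 8-byte EDNS option."""
    header = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 1)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    rdata = struct.pack("!HH", 10, claimed_opt_len) + b"\x00" * 8
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0, len(rdata)) + rdata
    return header + question + opt
```

Feed `check_edns` the raw DNS payload bytes from a packet capture of the affected traffic; an empty list means the OPT record passed these structural checks.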
Document Information
Modified date:
30 January 2019
UID
ibm10869784