Juniper Advanced Threat Prevention Cloud (ATP Cloud)

  • DNS DGA and tunnel detection (SRX Series)—Starting in Junos OS Release 21.2R1, you can configure DNS Domain Generation Algorithm (DGA) detection and DNS tunnel detection. This feature enables you to block malicious domains and DNS-tunneled requests or responses generated by infected hosts and command-and-control (C&C) servers. A DGA periodically generates a large number of domain names that infected hosts use as rendezvous points (RPs) with their C&C servers. DNS tunneling is a cyberattack method that encodes the data of malicious programs or protocols in DNS queries and responses.

    To configure DNS DGA and tunneling detections, use the set security-metadata-streaming policy policy-name detections dga and set security-metadata-streaming policy policy-name detections tunneling commands at the [edit services] hierarchy level.

    [See security-metadata-streaming.]