DNS tunneling for network penetration

  • Authors:
  • Daan Raman; Bjorn De Sutter; Bart Coppens; Stijn Volckaert; Koen De Bosschere; Pieter Danhieux; Erik Van Buggenhout

  • Affiliations:
  • Computer Systems Lab, Ghent University, Belgium; Computer Systems Lab, Ghent University, Belgium; Computer Systems Lab, Ghent University, Belgium; Computer Systems Lab, Ghent University, Belgium; Computer Systems Lab, Ghent University, Belgium; ITRA FSO, Ernst & Young, Belgium; ITRA FSO, Ernst & Young, Belgium

  • Venue:
  • ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
  • Year:
  • 2012

Abstract

Most networks are connected to the Internet through firewalls to block attacks from the outside and to limit communication initiated from the inside. Because of the limited, supposedly safe functionality of the Domain Name System protocol, its traffic is by and large neglected by firewalls. The resulting possibility for setting up information channels through DNS tunnels is already known, but all existing implementations require help from insiders to set up the tunnels. This paper presents a new Metasploit module for integrated penetration testing of DNS tunnels and uses that module to evaluate the potential of DNS tunnels as communication channels set up through standard, existing exploits and supporting many different command-and-control malware modules.