On Robust Covert Channels Inside DNS
Authors
Abstract
Covert channels inside DNS allow evasion of networks which only provide a restricted access to the Internet. By encapsulating data inside DNS requests and replies exchanged with a server located outside the restricted network, several existing implementations provide either an IP over DNS tunnel, or a socket-like service (TCP over DNS). This paper contributes a detailed overview of the challenges faced by the design of such tunnels, and describes the existing implementations. Then, it introduces TUNS, our prototype of an IP over DNS tunnel, focused on simplicity and protocol compliance. Comparison of TUNS and the other implementations showed that this approach is successful: TUNS works on all the networks we tested, and provides reasonable performance despite its use of less efficient encapsulation techniques, especially when facing degraded network conditions.
Similar resources
Detecting DNS Tunnels Using Character Frequency Analysis
High-bandwidth covert channels pose significant risks to sensitive and proprietary information inside company networks. Domain Name System (DNS) tunnels provide a means to covertly infiltrate and exfiltrate large amounts of information past network boundaries. This paper explores the possibility of detecting DNS tunnels by analyzing the unigram, bigram, and trigram character frequencies of do...
Indirect DNS Covert Channel based on Base 16 Matrix for Stealth Short Message Transfer
Covert channels are methods to conceal a message in a volatile medium carrier such as radio signals and network packets. Until now, covert channels based on the packet length produce abnormal packet length when the length of the message is long. Abnormal packet length, especially in the normal network, will expose the covert channels to the network security perimeter. Therefore, it motivates the...
A Covert Channel in TTL Field of DNS Packets
Covert channels are used as a means of secretly transferring information when there is a need to hide the fact that communication is taking place. With the vast amount of traffic on the internet, network protocols have become a common vehicle for covert channels, typically hiding information in the header fields of packets. Domain name service (DNS) packets contain a 32-bit time to live (TTL) f...
Detection of Malicious and Low Throughput Data Exfiltration Over the DNS Protocol
In the presence of security countermeasures, a malware designed for data exfiltration must do so using a covert channel to achieve its goal. Among existing covert channels stands the domain name system (DNS) protocol. Although the detection of covert channels over the DNS has been thoroughly studied in the last decade, previous research dealt with a specific subclass of covert channels, namely ...
PSUDP: A Passive Approach to Network-Wide Covert Communication
This paper explores taking a passive approach to covert communication over DNS. By exploiting the slack space that can be created in DNS packets, data may be inserted into packets without affecting the operation of DNS resolvers and security tools. Several locations in the packet exist that allow additional data to be inserted into the network traffic without being noticed by applications befor...