The Dangers Of DNS Tunneling

Posted by B. Hale

DNS enables the Internet, making it the perfect target for hackers. DNS exploits can disable the Internet, affecting particular time frames or regions of the world. A public DNS security event occurred several years ago when a famous hacker group said they would disable the entire Internet. The threat concerns security experts around the world, prompting governments and corporations to add DNS protection to their systems.

DNS Tunneling
Both legitimate and black hat practices can disable access to websites via a proxy. Such tactics can restrict access to websites that perform essential functions. Exploiting the fact that DNS traffic does not go through most proxies helps restore access to blocked sites. Without DNS protection, DNS tunneling can become a legitimate threat.

DNS tunneling encapsulates data and uses the Internet naming system to send two-way information. As a result, any data can be tunneled from a network as long as domain lookups work. Everyone involved in network security should understand how tunneling can bypass traditional blocking systems. Employees behind the corporate firewall, for example, can exploit DNS traffic to gain access to forbidden domains. To begin, a user must send an uncached DNS request to the local server. The server responds by sending a request to an external DNS server, creating traffic through the firewall.

Tunneling typically requires that users have control of an external DNS server. By creating specific records on the external server and configuring a local machine authorized on the corporate domain, users can execute a tunneling script to create a connection. Afterward, the SOCKS proxy can supply a continuous connection.

DNS Protection
In most cases, DNS tunnels provide slow connections, making productive use of tunnels difficult. DNS systems handle small amounts of information using low bandwidth, making them appealing only as a last resort for users trying to bypass firewalls. Despite the limitations of tunneling, hackers can use it to create botnets that use such connections. Conventional security tactics often miss covert channels that use DNS tunneling and unwittingly facilitate hostile activities.

Many tools available online facilitate the creation of malware that exploits DNS traffic. Knowing that most administrators analyze protocols such as FTP and HTTP, malicious users can accomplish much by using tunneling botnets. The practice depends on breaking data into small pieces, sending it to DNS servers using UDP, and then reassembling it at the endpoint. Effective DNS protection depends on identifying and blocking such traffic. Network administrators and managers must realize the power of DNS tunneling and take action to keep their systems secure.
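
The identification step described above can be sketched as a check over DNS query logs; this is an added example, not code from the original post. It flags clients that send many distinct, long, high-entropy subdomains to one domain, which is what data broken into small pieces looks like on the wire. The log format, the thresholds, the function names and the sample domains are all assumptions made for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Assumed thresholds for illustration; tune against your own baseline traffic.
MIN_UNIQUE_NAMES = 5      # distinct subdomains per (client, domain)
MIN_MEAN_LENGTH = 30      # mean subdomain length in characters
MIN_ENTROPY_BITS = 3.5    # Shannon entropy per character

def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    counts = Counter(text)
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def split_qname(qname):
    """Naive split (assumption): last two labels are the domain; ignores suffixes like co.uk."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_candidates(log_lines):
    """Return sorted (client, domain) pairs whose queries look like tunneling."""
    seen = defaultdict(set)
    for line in log_lines:
        _ts, client, qname, _qtype = line.split()
        sub, domain = split_qname(qname)
        if sub:
            seen[(client, domain)].add(sub)
    flagged = []
    for key, subs in seen.items():
        mean_len = sum(len(s) for s in subs) / len(subs)
        entropy = shannon_entropy("".join(subs).replace(".", ""))
        if (len(subs) >= MIN_UNIQUE_NAMES and mean_len >= MIN_MEAN_LENGTH
                and entropy >= MIN_ENTROPY_BITS):
            flagged.append(key)
    return sorted(flagged)

def build_sample_log():
    """Constructed sample log, one 'timestamp client qname qtype' per line."""
    lines = [f"2024-01-01T10:00:0{i} 10.0.0.5 {h}.example.com A"
             for i, h in enumerate(["www", "mail", "api", "www", "cdn"])]
    for i in range(8):
        chunk = hashlib.sha256(str(i).encode()).hexdigest()[:40]  # stand-in for encoded data
        lines.append(f"2024-01-01T10:01:0{i} 10.0.0.9 {chunk}.t.tunnel.example TXT")
    return lines

if __name__ == "__main__":
    for client, domain in find_tunnel_candidates(build_sample_log()):
        print(f"possible DNS tunnel: {client} -> {domain}")
```

Requiring all three signals together keeps ordinary browsing, with its few short hostnames per domain, below the threshold; content delivery and antivirus lookups that also use long random labels would need an allowlist.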