DNS Tunneling

Prateek Dutta
2 min read · Sep 4, 2020

Tunneling is a way to move packets from one network to another. In networking, tunnels are a method for transporting data across a network using protocols that are not supported by that network. Tunneling works by encapsulating packets: wrapping packets inside of other packets.

Packets are small pieces of data that can be re-assembled at their destination into a larger file.

Tunneling is often used in virtual private networks (VPNs). It can also set up efficient and secure connections between networks, enable the usage of unsupported network protocols, and in some cases allow users to bypass firewalls.

The Domain Name System (DNS) is the protocol that translates human-friendly names, such as alpha.com, into machine-friendly IP addresses, such as 196.168.58.143.

DNS tunneling is a method of cyber attack that encodes the data of other programs or protocols in DNS queries and responses. DNS tunneling often includes data payloads that can be added to an attacked DNS server and used to control a remote server and applications.

What DNS Tunneling Requires

DNS tunneling requires the compromised system to have external network connectivity, since it relies on access to an internal DNS server with network access. Hackers must also control a domain and a server that can act as an authoritative server in order to run the server-side tunneling and data payload programs. DNS tunneling enables these cyber criminals to insert malware or pass stolen information into DNS queries, creating a covert communication channel that bypasses most firewalls.

How DNS Tunneling works

  1. The attacker acquires a domain, for example, theta.com.
  2. The attacker configures the domain’s name servers to point to his own DNS server.
  3. The attacker delegates a subdomain, such as “abcde.theta.com”, and configures his machine as the subdomain’s authoritative DNS server.
  4. Any DNS request made by the victim to “abcde.theta.com” will end up reaching the attacker’s machine.
  5. The attacker’s machine encodes a response that will get routed back to the victim’s machine.

DNS Tunneling Tools

DNScat2

Iodine

Heyoka

Summary

A firewall is no longer enough to separate an internal network and keep it safe, and DNS tunneling is just one of the creative techniques that cyber criminals use to escape internal networks. To combat DNS tunneling, the burden has shifted away from the network to the endpoint. Security professionals and vendors must examine incoming and outgoing traffic at the endpoint to detect and defeat these attacks.
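One way to look for this pattern in DNS query logs, as an added example that is not part of the original article: because the data travels inside query names under the attacker's delegated subdomain, a tunnel shows up as many unique, long, high-entropy names under a single registered domain. The function names, thresholds and sample queries below are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits per character; encoded data scores higher than ordinary hostnames."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def registered_domain(qname):
    # Assumption: the last two labels are the registered domain. Real
    # deployments should use the Public Suffix List (e.g. for co.uk).
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def score_queries(qnames, min_unique=5, min_avg_len=30, min_entropy=3.5):
    """Return {domain: stats} for domains whose query names resemble a tunnel."""
    subs_by_domain = defaultdict(set)
    for q in qnames:
        q = q.rstrip(".").lower()
        dom = registered_domain(q)
        sub = q[: -len(dom)].rstrip(".")
        if sub:
            subs_by_domain[dom].add(sub)
    flagged = {}
    for dom, subs in subs_by_domain.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        entropy = shannon_entropy("".join(subs).replace(".", ""))
        # Requiring all three signals reduces alerts on ordinary busy domains.
        if len(subs) >= min_unique and avg_len >= min_avg_len and entropy >= min_entropy:
            flagged[dom] = {"unique": len(subs), "avg_len": round(avg_len, 1),
                            "entropy": round(entropy, 2)}
    return flagged

# Constructed sample log: hex strings stand in for encoded data sent to the
# delegated subdomain from the steps above; alpha.com is ordinary traffic.
SAMPLE_QUERIES = (
    [hashlib.sha256(b"chunk%d" % i).hexdigest()[:40] + ".abcde.theta.com" for i in range(8)]
    + ["www.alpha.com", "mail.alpha.com"]
    + ["cdn%d.alpha.com" % i for i in range(6)]
)

if __name__ == "__main__":
    for domain, stats in score_queries(SAMPLE_QUERIES).items():
        print(domain, stats)
```

The thresholds need tuning against a baseline of the network's own DNS traffic before they are used for alerting.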

Written by: Prateek Dutta, student of B.Tech AI, G.H. Raisoni College of Engineering, Nagpur, Maharashtra, 440016.
