Virtual Machine infrastructure (VMI) for acquiring DNS tunneling data

Source publication
Preprint
Domain Name Service is a trusted protocol made for name resolution, but over the past years some approaches have been developed to use it for data transfer. DNS Tunneling is a method where data is encoded inside DNS queries, allowing information exchange through the DNS. This characteristic is attractive to hackers who exploit the DNS Tunneling method to...

Context in source publication

Context 1
... Virtual Machine Infrastructure (VMI) including all the required components for performing a DNS tunneling connection was deployed in order to proceed with the acquisition of DNS tunneling data. In the diagram from Fig. 2 it is possible to recognize the three main components involved in DNS tunneling: (a) the clients, which are a group of (possibly) compromised machines inside the local network, (b) a local DNS server in charge of logging and resolving all local clients' DNS requests, and (c) a computer outside the local network where DNS tunneling server ...

Similar publications

Article
Many enterprises are under threat of targeted attacks aiming at data exfiltration. To launch such attacks, in recent years, attackers with their malware have exploited a covert channel, named DNS tunneling, that abuses the domain name system (DNS). Although several research efforts have been made to detect DNS tunneling, the existing methods rely on...