Network Evasion via DNS Covert Channels

TUCCI, PRIMIANO; FALDELLA, EUGENIO
2011

Abstract

In this work we show how the infrastructure of the Domain Name System (DNS) can be profitably exploited to create unauthorized covert channels capable of transferring arbitrary information across firewalled networks. The approach relies on the ability to perform recursive DNS queries, an aspect that is often overlooked in the set-up of restricted-access public networks. We present an encapsulation protocol that realizes point-to-point tunnels by means of bogus, yet legacy, DNS datagrams, enabling communication between a host subject to network restrictions and an external server. We also highlight the main architectural features of an open source evasion tool that implements this protocol, discussing its effective viability and the overall performance achievable in very common scenarios such as public Wi-Fi hot-spots.
PROCEEDINGS OF THE INTERNATIONAL CONFERENCE ON TELECOMMUNICATION SYSTEMS, MODELING AND ANALYSIS, pp. 97-103
P. Tucci; E. Faldella

Use this identifier to cite or link to this document: https://hdl.handle.net/11585/109497