DNS is one of the fundamental protocols of the Internet. Without the lookup services it provides, it would be difficult to find anything on the internet. To visit a website, you would need to know the exact IP address of the server hosting it, which is impossible. For this reason, DNS traffic is some of the most trusted data on the internet.
As of LCOS 10.50 RC3, all DNS queries that pass through the LANCOM DNS forwarder are therefore subjected to a security check. This prevents data tunnels from being transported via DNS messages.
Many organizations allow the DNS protocol to pass through their firewall (both inbound and outbound) because their internal employees need to visit external websites and external users need to find the organization's websites.
A network attack using DNS tunneling takes advantage of this fact by using DNS queries to implement a command and control channel for malware. Inbound DNS traffic can relay commands to the malware, while outbound traffic can exfiltrate sensitive data or return responses to the malware operator's requests. DNS tunneling can also be used to bypass restrictions in networks, for example hotspot logins or blocked services.
This works because DNS is a very flexible protocol. There are very few restrictions on the data that a DNS query contains, as it is designed to look up domain names for websites. Since almost anything can be a domain name, these fields can be used to convey sensitive information. These queries are designed to go to DNS servers controlled by attackers, so that the attackers can receive the queries and reply with appropriate DNS responses.
DNS tunneling attacks are simple to carry out and there are numerous DNS tunneling toolkits available. This makes it possible even for inexperienced attackers to use this technique to smuggle data past a company's network security solutions (e.g. firewall) or to bypass hotspots, for example, without having to authenticate a client.
The check is activated by default, but can be deactivated if required in the configuration in the menu DNS → Filter/Aliases → DNS Tunnel Filter. However, we recommend not deactivating the check.
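The following Python example is added here for illustration and is not LANCOM's implementation; this page does not describe how the LCOS check works internally. It shows heuristics a defender can run over DNS query logs to spot the tunnel pattern described above: oversized labels, high character entropy, and many unique subdomains under one parent domain. The thresholds, function names and sample query names are assumptions constructed for this example.

```python
import math
from collections import Counter, defaultdict

# Thresholds are illustrative assumptions, not values used by LCOS.
MAX_LABEL_LEN = 40         # DNS permits 63 bytes per label; hostnames rarely come close
MIN_ENTROPY_BITS = 3.8     # bits per character; encoded payloads look random
MAX_UNIQUE_SUBDOMAINS = 5  # distinct names under one parent domain in the window

def shannon_entropy(text):
    """Bits per character of text."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def split_name(qname):
    """Return (subdomain labels, parent domain). Assumes the parent is the last
    two labels; production code should consult the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-2], ".".join(labels[-2:])

def tunnel_indicators(qnames):
    """Map each parent domain to the sorted tunnel indicators its queries show."""
    found, seen = defaultdict(set), defaultdict(set)
    for qname in qnames:
        sub, parent = split_name(qname)
        if not sub:
            continue
        seen[parent].add(".".join(sub))
        longest = max(sub, key=len)
        if len(longest) > MAX_LABEL_LEN:
            found[parent].add("long label")
        if len(longest) >= 16 and shannon_entropy(longest) > MIN_ENTROPY_BITS:
            found[parent].add("high entropy")
    for parent, subs in seen.items():
        if len(subs) > MAX_UNIQUE_SUBDOMAINS:
            found[parent].add("many unique subdomains")
    return {parent: sorted(tags) for parent, tags in found.items()}

# Constructed query names for illustration, not captured traffic. Rotations of
# one constructed string stand in for successive encoded data chunks.
_BLOB = "k7mzq2xw5bnp3vha6tyc4jrleodfgsuix4b7qm2zt5wa"
SAMPLE_QUERIES = [
    "www.example.com", "mail.example.com", "www.example.org", "cdn.images.example.net",
] + [f"{_BLOB[i:]}{_BLOB[:i]}.tunnel.example" for i in range(6)]

if __name__ == "__main__":
    for parent, tags in tunnel_indicators(SAMPLE_QUERIES).items():
        print(parent, tags)
```

On real logs, group queries per client and per time window before applying the unique-subdomain count, and expect to allow-list services that legitimately use long generated names.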
...