Abstract
Covert channels inside DNS allow evasion of networks which only provide a restricted access to the Internet. By encapsulating data inside DNS requests and replies exchanged with a server located outside the restricted network, several existing implementations provide either an IP over DNS tunnel, or a socket-like service (TCP over DNS). This paper contributes a detailed overview of the challenges faced by the design of such tunnels, and describes the existing implementations. Then, it introduces TUNS, our prototype of an IP over DNS tunnel, focused on simplicity and protocol compliance. Comparison of TUNS and the other implementations showed that this approach is successful: TUNS works on all the networks we tested, and provides reasonable performance despite its use of less efficient encapsulation techniques, especially when facing degraded network conditions.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Iodine, http://code.kryo.se/iodine/
Ozymandns, http://www.doxpara.com/
RFC 1035: Domain names - implementation and specification
RFC 2671: Extension mechanisms for DNS (EDNS0)
RFC 3095: ROHC framework and four profiles: RTP, UDP, ESP, and uncompressed
Llamas, D., Allison, C., Miller, A.: Covert channels in internet protocols: A survey. In: 6th Annual Postgraduate Symposium about the Convergence of Telecommunications, Networking and Broadcasting (2005)
Lucena, N., Lewandowski, G., Chapin, S.: Covert channels in iPv6. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, pp. 147–166. Springer, Heidelberg (2006)
Mejia-Nogales, J.L., Vidal-Beltran, S., Lopez-Bonilla, J.L.: Design and implementation of a secure access system to information resources for ieee 802.11 wireless networks. In: CERMA 2006: Proceedings of the Electronics, Robotics and Automotive Mechanics Conference (CERMA 2006) (2006)
Ray, B., Mishra, S.: Secure and reliable covert channel. In: CSIIRW 2008: Proceedings of the 4th annual workshop on Cyber security and informaiton intelligence research (2008)
Rowland, C.H.: Covert channels in the TCP/IP protocol suite. First Monday 2(5) (1997)
Zanders, S., Armitage, G., Branch, P.: Covert channels and countermeasures in computer network protocols. IEEE Communications Magazines 45(12) (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 IFIP International Federation for Information Processing
About this paper
Cite this paper
Nussbaum, L., Neyron, P., Richard, O. (2009). On Robust Covert Channels Inside DNS. In: Gritzalis, D., Lopez, J. (eds) Emerging Challenges for Security, Privacy and Trust. SEC 2009. IFIP Advances in Information and Communication Technology, vol 297. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-01244-0_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-01244-0_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-01243-3
Online ISBN: 978-3-642-01244-0
eBook Packages: Computer ScienceComputer Science (R0)