From the course: Cisco CCNP Security SCOR v1.1 (350-701) Cert Prep

DNS tunneling

- [Instructor] In this section, we want to take a look at several well-known data exfiltration techniques. The SCOR blueprint tells us that we need to be able to describe various techniques that threat actors may use to copy and transfer sensitive data from our networks. Let's begin with DNS tunneling. DNS tunneling is a tactic used by attackers for data exfiltration using the DNS protocol to send non-DNS traffic over port 53, the well-known port used by DNS. This can be used to send HTTP and other protocol traffic over DNS. A common way that this is used is by sending command and control callbacks over DNS, which provides stealth for an attack. There are many open-source DNS tunneling utilities available to perform this action, and typically, such a tool would be incorporated into an authoritative DNS name server. The attacker would register a domain, and the name server for the domain would point to the attacker server, where the tunneling software would be installed. The…
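A defender's view of the setup described above, as an added example that is not part of the course material: tunneled data travels in the labels of queries under the attacker's domain, so the script groups resolver log entries by zone and flags zones with many distinct, long, high-entropy subdomains. The log entries, domain names, function names and thresholds are constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample resolver log entries (client, queried name); not real traffic.
SAMPLE_QUERIES = [
    ("10.0.0.5", "www.example.com"),
    ("10.0.0.5", "mail.example.com"),
    ("10.0.0.6", "api.example.com"),
    ("10.0.0.6", "cdn.example.com"),
    ("10.0.0.7", "example.org"),
    ("10.0.0.9", "g4kd7ma2f5hc3b6ee6b3ch5f2am7dk4g.tunnel-demo.test"),
    ("10.0.0.9", "7ma2f5hc3b6eg4kddk4ge6b3ch5f2am7.tunnel-demo.test"),
    ("10.0.0.9", "f5hc3b6eg4kd7ma22am7dk4ge6b3ch5f.tunnel-demo.test"),
    ("10.0.0.9", "3b6eg4kd7ma2f5hcch5f2am7dk4ge6b3.tunnel-demo.test"),
]

def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than ordinary hostnames."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def zone_stats(queries):
    """Collect the unique subdomain strings seen under each zone.

    Assumption: the zone is the last two labels; production code would
    consult the Public Suffix List instead.
    """
    subs = defaultdict(set)
    for _client, name in queries:
        labels = name.lower().rstrip(".").split(".")
        if len(labels) > 2:  # skip bare zone names with no subdomain part
            subs[".".join(labels[-2:])].add(".".join(labels[:-2]))
    return {
        zone: {
            "unique": len(names),
            "avg_len": sum(map(len, names)) / len(names),
            "avg_entropy": sum(map(shannon_entropy, names)) / len(names),
        }
        for zone, names in subs.items()
    }

def suspicious_zones(queries, min_unique=4, min_avg_len=24, min_entropy=3.5):
    """Zones with many distinct, long, high-entropy subdomains (illustrative thresholds)."""
    return sorted(
        zone for zone, s in zone_stats(queries).items()
        if s["unique"] >= min_unique and s["avg_len"] >= min_avg_len
        and s["avg_entropy"] >= min_entropy
    )

if __name__ == "__main__":
    print(suspicious_zones(SAMPLE_QUERIES))
```

The thresholds need tuning against a baseline of the network's own DNS traffic, since CDNs and some security products also generate long, random-looking names.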
