Data exfiltration using DNS RPZ
Sten Carlsen
stenc at s-carlsen.dk
Sun Jun 17 16:44:28 UTC 2018
Interesting, the Dnssec records with their by definition random and
large content seems to be the most interesting vehicle, at least at
first sight.
Will e.g. the google DNS server or any other resolver deliver and fetch
this data? At the moment I can't think of any reason it should not do so.
To really block this, I think you would need to actually verify the
correctness of the data.
On 17-06-2018 08.43, Blason R wrote:
> Hi Team,
>
> Can someone please guide if DNS exfiltration techniques can be
> identified using DNS RPZ? Or do I need to install any other third
> party tool like IDS to identify the the DNS beacon channels.
>
> Has anyone used DNS RPZ to block/detect data exfiltration?
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180617/a458759d/attachment.html>
More information about the bind-users
mailing list