What is DNS Tunneling?

It is the ability to send and receive all types of data using the DNS.  It was first developed to allow the bypassing of captive portals for wifi – and it is still used for this today – as well as other uses.

 

Bandwidth Piracy

In regions of the world where data is expensive and therefore limited, subscribers utilize DNS tunneling software to bypass data limits, which enables them to access the internet without paying for it.  This usage of a service provider’s bandwidth without compensation leads to loss of revenue for the provider.

Optimized-shutterstock_350638013

Bypassing wifi controls with DNS Tunneling

Case_1
Optimized-shutterstock_engineer7-2

Data Exfiltration

The open nature of the DNS, which enables tunneling for bandwidth theft,  is also used by attackers as a method to exfiltrate stolen data. This data can be proprietary corporate data, private credit card or other financial data, or sensitive government information. In some countries, service providers are required to prevent the exfiltration of data with penalties for non-compliance.

 Exfiltrating Data from a Corporate Network

Case_2

Blocking DNS Tunneling with Secure64

Blocking DNS tunnels with Secure64 is done with an on-box security service, Secure64®TunnelGuard™,  that detects and automatically blocks DNS tunnels.  The service is:

Comprehensive:  Proprietary algorithm uses behavioral analytics to detect and block many types of tunnels

Accurate:  Built to be highly accurate, but threshold levels can be tuned

Real-time:  TunnelGuard detects tunnels after only a small number of DNS queries – the on-box detection enables tunnels to be detected before they have a chance to cause harm

Efficient:  Intelligent system only inspects suspicious cache misses, while deep packet inspections use highly optimized algorithms.  Altogether this provides minimal affect on performance.

TunnelGuard is part of Secure64® DNS Guard™, a security service that works with Secure64® DNS Cache™ to block malware, phishing, bots and DNS tunneling.  TunnelGuard can be purchased alone or with one or both of the other modules, FraudGuard and MalwareGuard.  To learn more about DNS Guard, click here. 

CLICK HERE to get the Secure64 TunnelGuard data sheet