From the course: Cisco CCNP SCOR Security (350-701) Cert Prep: 3 Endpoint Protection and Secure Access


DNS tunneling

- [Instructor] In this section, we want to take a look at several well-known data exfiltration techniques. The SCOR blueprint tells us that we need to be able to describe various techniques that threat actors may use to copy and transfer sensitive data from our networks. Let's begin with DNS tunneling. DNS tunneling is a tactic used by attackers for data exfiltration using the DNS protocol to send non-DNS traffic over port 53, the well-known port used by DNS. This can be used to send HTTP and other protocol traffic over DNS. A common way that this is used is by sending command-and-control callbacks over DNS, which provides stealth for an attack. There are many open-source DNS tunneling utilities available to perform this action and, typically, such a tool would be incorporated into an authoritative DNS name server. The attacker would register a domain and the name server for the domain would point to the attacker's server where the tunneling software would be installed. The attacker…
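Seen from the defender's side, the pattern described above shows up in resolver logs as many distinct, long, encoded-looking subdomains under one registered domain. The following is an added example, not part of the course material: the thresholds, the two-label registered-domain shortcut and the sample names under `example.*` are assumptions constructed for illustration.

```python
import base64
import math
from collections import Counter, defaultdict

def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than hostnames."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def registered_domain(qname):
    # Assumption: last two labels; production code should use the Public Suffix List.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_tunnel_candidates(qnames, min_unique=5, min_len=30, min_entropy=3.0):
    """Group query names by registered domain and flag domains that receive
    many distinct, long, high-entropy subdomains (thresholds are illustrative)."""
    subs_by_domain = defaultdict(set)
    for qname in qnames:
        name = qname.rstrip(".").lower()
        domain = registered_domain(name)
        sub = name[: -len(domain)].rstrip(".")
        if sub:
            subs_by_domain[domain].add(sub)
    flagged = {}
    for domain, subs in subs_by_domain.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s.replace(".", "")) for s in subs) / len(subs)
        if len(subs) >= min_unique and avg_len >= min_len and avg_ent >= min_entropy:
            flagged[domain] = {"unique_subdomains": len(subs),
                               "avg_length": round(avg_len, 1),
                               "avg_entropy": round(avg_ent, 2)}
    return flagged

def constructed_sample():
    """Constructed query names: ordinary lookups plus base32-encoded chunks."""
    benign = ["www.example.com", "mail.example.com", "api.example.com",
              "www.example.net", "cdn.example.net"]
    encoded = []
    for i in range(8):
        data = f"constructed record {i:02d} of sample file".encode()
        label = base64.b32encode(data).decode().rstrip("=").lower()
        encoded.append(f"{label}.t.example.org")
    return benign + encoded

if __name__ == "__main__":
    for domain, stats in find_tunnel_candidates(constructed_sample()).items():
        print(domain, stats)
```

On real resolver logs the thresholds need tuning against a baseline, since CDNs and some security products also generate long machine-made names.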
