Data exfiltration using DNS RPZ

Blason R blason16 at gmail.com
Sun Jun 17 17:48:45 UTC 2018


Excellent inputs, guys, and thanks a ton for your feedback. RPS is quite
interesting, and which one is the commercial offering for the same?

On Sun, Jun 17, 2018 at 10:56 PM Grant Taylor via bind-users <
bind-users at lists.isc.org> wrote:

> On 06/17/2018 11:18 AM, Vadim Pavlov via bind-users wrote:
> > Just to be more clear. DNSSEC records can contain any content and can
> > be used for infiltration/tunneling.
>
> Ah.  I think I see.
>
> > E.g. If you request DNSKEY record (you can encode your request in fqdn)
> > you will get it exactly "as is". Intermediate DNS servers do not validate
> > the records.
>
> You aren't talking about using the DNSSEC mechanisms to {in,ex}filtrate
> data as much as you are talking about {ab}using the resource records
> that DNSSEC uses as a vector to hide data.
>
> > So instead of "standard/usual" TXT records you can use DNSKEY to pass
> > data from a DNS remote server.
>
> ACK
>
> Thank you for the explanation.
>
>
>
> --
> Grant. . . .
> unix || die
>
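
One way to look for the DNSKEY abuse described in the quoted exchange, as an added example that is not part of the original thread: it scans query-log lines for clients that send DNSKEY queries for many distinct, high-entropy names under one parent domain, whereas a validating resolver normally asks for DNSKEY only at zone apexes. The log lines are constructed and modelled on BIND's query log format; the function names, thresholds and the naive two-label zone cut are assumptions.

```python
import math
import re
from collections import defaultdict

# Constructed sample lines modelled on BIND's query log format (not real traffic).
SAMPLE_LOG = """\
17-Jun-2018 17:40:01.100 client 192.0.2.10#40001 (example.org): query: example.org IN DNSKEY +E(0)D (192.0.2.1)
17-Jun-2018 17:40:02.100 client 192.0.2.10#40002 (example.net): query: example.net IN DNSKEY +E(0)D (192.0.2.1)
17-Jun-2018 17:40:03.100 client 192.0.2.10#40003 (lists.isc.org): query: lists.isc.org IN DNSKEY +E(0)D (192.0.2.1)
17-Jun-2018 17:40:04.100 client 192.0.2.20#40004 (www.example.org): query: www.example.org IN A + (192.0.2.1)
17-Jun-2018 17:41:00.000 client 192.0.2.77#50001 (mzxw6ytboi2gk3tu.c1.tunnel.example): query: mzxw6ytboi2gk3tu.c1.tunnel.example IN DNSKEY +E(0) (192.0.2.1)
17-Jun-2018 17:41:00.200 client 192.0.2.77#50002 (nbswy3dpeb3w64tm.c2.tunnel.example): query: nbswy3dpeb3w64tm.c2.tunnel.example IN DNSKEY +E(0) (192.0.2.1)
17-Jun-2018 17:41:00.400 client 192.0.2.77#50003 (orugs4zanfzsayjt.c3.tunnel.example): query: orugs4zanfzsayjt.c3.tunnel.example IN DNSKEY +E(0) (192.0.2.1)
17-Jun-2018 17:41:00.600 client 192.0.2.77#50004 (onswg4tfoqqgi3lq.c4.tunnel.example): query: onswg4tfoqqgi3lq.c4.tunnel.example IN DNSKEY +E(0) (192.0.2.1)
"""

# The "@0x..." client object pointer appears only in newer log formats, so it is optional.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ \(.*?\): "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)")

def entropy(s):
    """Shannon entropy of a string in bits per character (0 for an empty string)."""
    counts = {c: s.count(c) for c in set(s)}
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def suspicious_dnskey_clients(log_text, min_names=3, min_entropy=3.0):
    """Return sorted (client, parent domain, distinct names) tuples worth reviewing."""
    names = defaultdict(set)  # (client, parent domain) -> distinct DNSKEY qnames
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m or m["qtype"] != "DNSKEY":
            continue
        labels = m["qname"].rstrip(".").lower().split(".")
        if len(labels) <= 2:  # two-label apex query, what a validator normally sends
            continue
        parent = ".".join(labels[-2:])  # naive zone cut (assumption; use a PSL in practice)
        names[(m["ip"], parent)].add(".".join(labels))
    findings = []
    for (ip, parent), qnames in names.items():
        # Everything left of the parent domain is where a request would be encoded.
        payload = "".join(q[: -len(parent) - 1].replace(".", "") for q in qnames)
        if len(qnames) >= min_names and entropy(payload) >= min_entropy:
            findings.append((ip, parent, len(qnames)))
    return sorted(findings)

if __name__ == "__main__":
    for finding in suspicious_dnskey_clients(SAMPLE_LOG):
        print(finding)
```

Both thresholds need tuning against the resolver's normal traffic before a hit is treated as more than a lead.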