Dns tunnel detection/prevention
Grant Taylor
gtaylor at tnetconsulting.net
Sat May 24 02:24:21 UTC 2025
On 5/23/25 8:53 PM, Fred Morris wrote:
> If you fail in an outright, reproducible, measurable fashion you give
> your opponent predictability and confidence. As a defender you want to
> undermine that and look like an under-resourced, poorly administered
> network that somehow, we don't know exactly how but somehow: it's just
> bad luck. There's a crappy network and every time your adversary messes
> with it they just have inexplicable bad luck.
I understand the active and hidden (as in not overtly obvious) defender
mentality. But sometimes doing that brings its own complexities and
vulnerabilities.
There's also the fact that allowing a small percentage to leak through
as the "hey, you beat the odds on a bad network link", is still allowing
things to leak through.
Different environments have different security posture and are willing
to tolerate different things.
--
Grant. . . .
More information about the bind-users
mailing list