FYI - IP tunnelling via DNS
Bill Manning
bmanning at ISI.EDU
Tue Sep 12 08:03:00 UTC 2000
% able to pick this out reasonably quickly. You have a stream of DNS responses
% with the same source and dest and all TXT records, many of the same size,
% coming through. If you have some kind of rate limit trigger, you should be
% able to get a filter up for DNS from source to dest within not too many
% packets. In this case, it's ok to let a handful or two packets through before
% plugging the hole. I wouldn't try to get the queries at all.
%
% Also looks like we found the "killer app" for edns0's larger packet size.
%
% jerry
Some people use TXT for legit purposes. Where would you
suggest setting the upper bound before filtering?
--
--bill
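
The rate trigger described in the quoted message, sketched as an added example that is not part of the original thread: it counts TXT responses per source/destination pair in a sliding window and flags the pair only when most of them share one size. The class name, the three thresholds and the sample addresses are assumptions made for illustration; the thread leaves the right upper bound open.

```python
from collections import Counter, defaultdict, deque

# Assumed thresholds for illustration only; tune against real traffic.
WINDOW_SECS = 10.0      # sliding window length
MAX_TXT_IN_WINDOW = 20  # TXT responses per (src, dst) let through first
MIN_SAME_SIZE = 0.5     # share of the window that has the most common size

class TxtTunnelTrigger:
    """Rate trigger on TXT responses per (server, client) pair."""

    def __init__(self, window=WINDOW_SECS, limit=MAX_TXT_IN_WINDOW,
                 same_size=MIN_SAME_SIZE):
        self.window, self.limit, self.same_size = window, limit, same_size
        self.seen = defaultdict(deque)   # (src, dst) -> deque of (ts, size)
        self.blocked = set()

    def observe(self, ts, src, dst, rtype, size):
        """Feed one DNS response; return True if the pair should be filtered."""
        pair = (src, dst)
        if pair in self.blocked:
            return True
        if rtype != "TXT":               # only TXT responses are counted
            return False
        q = self.seen[pair]
        q.append((ts, size))
        while q and ts - q[0][0] > self.window:
            q.popleft()                  # drop entries older than the window
        if len(q) <= self.limit:
            return False                 # legitimate TXT use stays below this
        top = Counter(s for _, s in q).most_common(1)[0][1]
        if top / len(q) >= self.same_size:
            self.blocked.add(pair)       # many responses of the same size
            return True
        return False

def run(records, **kw):
    """Replay (ts, src, dst, rtype, size) records; return the filtered pairs."""
    trigger = TxtTunnelTrigger(**kw)
    for rec in records:
        trigger.observe(*rec)
    return trigger.blocked

# Constructed sample: a steady same-size TXT stream, plus a second pair with
# a few TXT lookups of varying size and ordinary A responses.
SAMPLE = [(i * 0.1, "192.0.2.53", "198.51.100.7", "TXT", 512) for i in range(40)]
SAMPLE += [(i * 3.0, "192.0.2.10", "198.51.100.9", "TXT", 90 + i) for i in range(5)]
SAMPLE += [(i * 0.1, "192.0.2.10", "198.51.100.9", "A", 60) for i in range(40)]
SAMPLE.sort(key=lambda r: r[0])          # replay in time order

if __name__ == "__main__":
    print(run(SAMPLE))
```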
More information about the bind-workers
mailing list