FYI - IP tunnelling via DNS
Jerry Scharf
scharf at vix.com
Tue Sep 12 15:52:40 UTC 2000
Darren,
What you're missing is that I don't care about the name requested on the query
(or the query at all.) If I get too many TXT records from a given nameserver
with a given client in a specific period of time, I filter out all DNS to and
from that nameserver for a fairly long period of time. Who cares that the
query is changing, it's a rate trigger on a given nameserver to a given client.
Rate triggers are not trivial, but they are within what the fancier firewalls
can do. This is less brutal than blocking all TXT records, and will still make
using DNS as a tunnel useless in all but the most dedicated circumstances.
jerry
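Added example, not part of Jerry's message or of BIND itself: a minimal version of the per-nameserver, per-client TXT rate trigger he describes, run over a constructed DNS response log. The threshold, window and block duration are assumed values; the hostnames and addresses are made up.

```python
from collections import defaultdict, deque

# Constructed sample log of DNS responses seen at a firewall:
# (timestamp seconds, answering nameserver, client, record type).
SAMPLE_LOG = [
    (0, "ns1.example.test", "10.0.0.5", "TXT"),
    (1, "ns2.example.test", "10.0.0.9", "A"),
    (2, "ns1.example.test", "10.0.0.5", "TXT"),
    (3, "ns1.example.test", "10.0.0.5", "TXT"),
    (4, "ns2.example.test", "10.0.0.9", "TXT"),  # one TXT: normal
    (5, "ns1.example.test", "10.0.0.5", "TXT"),  # 4th TXT in 10 s: trigger
    (6, "ns1.example.test", "10.0.0.7", "A"),    # other client, same NS: dropped
    (7, "ns2.example.test", "10.0.0.9", "A"),
    (70, "ns1.example.test", "10.0.0.5", "A"),   # still inside block period
    (400, "ns1.example.test", "10.0.0.5", "A"),  # block expired, passes again
]

class TxtRateTrigger:
    """Rate trigger: too many TXT answers from one nameserver to one client
    in `window` seconds blocks all DNS to/from that nameserver for a while."""

    def __init__(self, threshold=3, window=10, block_seconds=300):
        self.threshold = threshold          # assumed values, tune per site
        self.window = window
        self.block_seconds = block_seconds
        self._txt_times = defaultdict(deque)  # (ns, client) -> TXT timestamps
        self.blocked_until = {}               # ns -> time the block expires

    def observe(self, ts, nameserver, client, rrtype):
        """Record one DNS response; return True if it should be dropped."""
        if self.blocked_until.get(nameserver, -1) > ts:
            return True                     # whole nameserver is filtered
        if rrtype != "TXT":
            return False                    # query names are irrelevant
        times = self._txt_times[(nameserver, client)]
        times.append(ts)
        while times and times[0] <= ts - self.window:  # slide the window
            times.popleft()
        if len(times) > self.threshold:
            self.blocked_until[nameserver] = ts + self.block_seconds
            return True
        return False

def filter_log(log, trigger=None):
    """Run the trigger over a log; return the rows that would be dropped."""
    trigger = trigger or TxtRateTrigger()
    return [row for row in log if trigger.observe(*row)]
```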