DNSSEC can be used for infiltration/tunneling (when you get data from a DNS server), but there is a catch: such requests can be easily dropped.
Vadim

> On 17 Jun 2018, at 09:44, Sten Carlsen <st...@s-carlsen.dk> wrote:
>
> Interesting, the DNSSEC records with their by definition random and large content seem to be the most interesting vehicle, at least at first sight.
>
> Will e.g. the Google DNS server or any other resolver deliver and fetch this data? At the moment I can't think of any reason it should not do so.
>
> To really block this, I think you would need to actually verify the correctness of the data.
>
> On 17-06-2018 08.43, Blason R wrote:
>> Hi Team,
>>
>> Can someone please guide if DNS exfiltration techniques can be identified using DNS RPZ? Or do I need to install any other third party tool like IDS to identify the DNS beacon channels?
>>
>> Has anyone used DNS RPZ to block/detect data exfiltration?
>>
>> _______________________________________________
>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>>
>> bind-users mailing list
>> bind-users@lists.isc.org
>> https://lists.isc.org/mailman/listinfo/bind-users
>
> --
> Best regards
>
> Sten Carlsen
>
> No improvements come from shouting:
>
> "MALE BOVINE MANURE!!!"