DNS tunneling and data exfiltration


Every time you access a website, your action relies on the Domain Name System (DNS). But because of its weaknesses, DNS servers have also become a very popular target for cyber attacks. DNS tunneling is one of the most common DNS attacks, and it can result in the theft of highly sensitive data.

The vulnerabilities of the DNS


Even though the Domain Name System is one of the key building blocks of the Internet, you probably do not even notice that it exists. Yet it plays an essential role in how the Internet operates; it is even part of the security architecture of enterprises. However, several vulnerabilities and weaknesses have been discovered and exploited by malicious users.


DNS has indeed always been a good candidate for data exfiltration, especially through DNS tunneling. The problem with this system is that when an attacker exploits a weakness, there is no obvious way for a user to notice that something is wrong and that they are being attacked. There are three main reasons why DNS is vulnerable to these dangerous attacks:


  • The first reason is that DNS configuration is not necessarily secure; DNS handles a large number of queries, which cannot all be efficiently monitored.
  • Because DNS queries are not monitored, the server does not know whether the connection it enables is legitimate or malicious. Consequently, it cannot see the threat or detect an illegitimate query.
  • Finally, DNS attacks can be very difficult to detect: in DNS tunneling, for instance, the attacker uses the regular resolution process, which is exactly why the attack is so hard to spot.

DNS tunneling

Once a device is infected, the hacker can easily access sensitive company and customer data. Yet, too often, DNS is overlooked and people do not even realise that it can be attacked. Its open nature, combined with its lack of protection, makes it a perfect target for various DNS attacks, such as DNS tunneling, phishing, malware or cache poisoning. Whereas securing your network used to be quite simple, strong security policies now need to be implemented and extended across your whole system.

DNS tunneling and data exfiltration

DNS tunneling is one of the most common cyber attacks likely to infiltrate your network. In this type of attack, the hacker builds what is called a “tunnel”, which allows communication between the victim’s server and the malicious one. The hacker encodes the data in DNS responses and often includes data payloads in the attack (a data payload being the portion of malware that performs malicious actions and contains worms or viruses).


One of the advantages of DNS tunneling for attackers is that they can easily avoid detection, since even traditional firewalls can do nothing against this type of attack.
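The two points above (queries are rarely monitored, and a tunnel hides inside the normal resolution process) are exactly what a defender can turn around: if resolver query logs are collected, the statistical fingerprint of a tunnel is visible even when each individual query looks valid. The script below is an added example written for this page, not code from the original article or from EfficientIP. It parses constructed BIND-style query-log lines and scores each base domain on four indicators that tunnels tend to exhibit together: a new subdomain for almost every query, very long labels, high-entropy (random-looking) labels, and heavy use of record types such as TXT or NULL that carry large free-form answers. The log format, the thresholds, the domain `exfil-test.net` and the hex labels are all assumptions or constructed samples, and the "last two labels are the registered domain" rule is a simplification that production code should replace with the Public Suffix List.

```python
import math
import re
from collections import defaultdict

# Constructed sample of resolver query-log lines in a BIND-like format (not real
# traffic). The 32-character hex labels stand in for encoded data chunks, and
# exfil-test.net is a placeholder domain, not a real tunneling endpoint.
SAMPLE_QUERY_LOG = """\
client 10.0.0.5#53421: query: www.example.com IN A
client 10.0.0.5#53422: query: mail.example.com IN MX
client 10.0.0.7#40001: query: 0123456789abcdeffedcba9876543210.data.exfil-test.net IN TXT
client 10.0.0.7#40002: query: 13579bdf02468ace13579bdf02468ace.data.exfil-test.net IN TXT
client 10.0.0.7#40003: query: fedcba9876543210abcdef0123456789.data.exfil-test.net IN TXT
client 10.0.0.7#40004: query: 02468ace13579bdf02468ace13579bdf.data.exfil-test.net IN NULL
client 10.0.0.7#40005: query: 0f1e2d3c4b5a69780f1e2d3c4b5a6978.data.exfil-test.net IN TXT
client 10.0.0.9#51000: query: cdn.example.com IN A
client 10.0.0.9#51001: query: api.example.com IN AAAA
"""

# Assumed log layout: "client <ip>#<port>: query: <name> IN <type>"
LOG_RE = re.compile(r"client (?P<client>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\w+)")

# Record types legitimate clients rarely query but tunnels favour because the
# answer section can carry large, free-form payloads.
PAYLOAD_FRIENDLY_TYPES = {"TXT", "NULL", "CNAME"}


def shannon_entropy(text):
    """Bits of entropy per character; encoded/random-looking labels score high."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Return (base domain, subdomain part) for a query name.

    Assumption: the last two labels are the registered domain. Production code
    should use the Public Suffix List so that names under e.g. co.uk are handled.
    """
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def parse_log(text):
    """Yield (client, qname, qtype) for every line matching the assumed format."""
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            yield m.group("client"), m.group("qname"), m.group("qtype")


def score_domains(records, min_queries=3, label_len_threshold=30, entropy_threshold=3.5):
    """Aggregate queries per base domain and score four tunneling indicators (0-4)."""
    stats = defaultdict(lambda: {"queries": 0, "subdomains": set(), "long": 0,
                                 "high_entropy": 0, "payload_types": 0})
    for _client, qname, qtype in records:
        base, sub = split_name(qname)
        s = stats[base]
        s["queries"] += 1
        s["subdomains"].add(sub)
        longest = max(sub.split("."), key=len) if sub else ""
        if len(longest) >= label_len_threshold:
            s["long"] += 1
        if shannon_entropy(longest) >= entropy_threshold:
            s["high_entropy"] += 1
        if qtype in PAYLOAD_FRIENDLY_TYPES:
            s["payload_types"] += 1

    report = {}
    for base, s in stats.items():
        n = s["queries"]
        if n < min_queries:  # too little data to judge
            continue
        ratios = {
            "unique_subdomain_ratio": len(s["subdomains"]) / n,
            "long_label_ratio": s["long"] / n,
            "high_entropy_ratio": s["high_entropy"] / n,
            "payload_type_ratio": s["payload_types"] / n,
        }
        # One point per indicator that holds for more than half of the queries.
        report[base] = {"queries": n, "score": sum(r > 0.5 for r in ratios.values()), **ratios}
    return report


def flag_tunneling(log_text, min_score=3):
    """Return base domains whose query pattern matches at least min_score indicators."""
    report = score_domains(parse_log(log_text))
    return sorted(base for base, r in report.items() if r["score"] >= min_score)


if __name__ == "__main__":
    for base, r in score_domains(parse_log(SAMPLE_QUERY_LOG)).items():
        print(f"{base}: score={r['score']} queries={r['queries']}")
    print("suspected tunneling:", flag_tunneling(SAMPLE_QUERY_LOG))
```

On the constructed sample, `example.com` scores 1 (many distinct but short, low-entropy hostnames, all A/MX/AAAA) while `exfil-test.net` scores 4 and is flagged. Scoring on ratios per base domain rather than per query is what makes this robust to a tunnel that keeps each individual query innocuous-looking; in a real deployment the thresholds should be tuned against a baseline of the organisation's own traffic, and CDNs or anti-spam services that legitimately use long generated labels should be allow-listed.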

DNS tunneling can have dramatic consequences for internet users, who do not want their private data appearing on websites, or being shared or stolen through the tunnel. Hackers can indeed use it to steal money or to use companies’ confidential data to damage their reputation. http://www.efficientip.com has developed a good solution. Companies have to implement effective measures to prevent their systems from becoming the victims of DNS attacks.