Wednesday, February 9, 2011

From Arbitrary DNS Query to DNS Proxy

Most of today's corporate networks allow arbitrary DNS query.
Similarly wireless access points which are controlled by HTTP user credentials allow arbitrary DNS queries.


Attackers can easily bypass this restriction by setting up their remote DNS-based HTTP/Socks proxy servers.The thing is the restriction is set only on HTTP Data not others. Attackers can set up covert channels with DNS, ICMP, POP3 and so on.

No comments:

Post a Comment