08-29-2016 10:59 PM - edited 02-21-2020 05:54 AM
Experts,
I have gone through a recent vulnerabilities document from Cisco and came to read a topic on DNS tunneling and an application tool that may perform such activity - DNScapy.
"
DNScapy is a DNS tunneling tool. The code is very light and written in Python. It includes a server and a client. The server can handle multiple clients.
DNScapy creates an SSH tunnel through DNS packets. SSH connection, SCP and proxy socks (SSH -D) are supported. You can use CNAME records or TXT records for the tunnel. The default mode is RAND, which uses randomly both CNAME and TXT.
DNScapy uses Scapy (http://www.secdev.org/scapy) for DNS packet forging and for its network automation API.
"
Now, on the preventive end, is there any signature Cisco may want to release for IPS and Sourcefire units?
Thanks!
Norix S.
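
For the detection side of the question above, a heuristic over DNS query logs, as an added example that is not part of the original post, not a Cisco signature and not DNScapy code. It assumes a tunnel shows up as many distinct, long, high-entropy subdomains under one parent domain, requested mostly as CNAME or TXT (the record types the quoted description names); the function names, thresholds and sample log are constructed for illustration.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def find_tunnel_candidates(queries, min_names=5, min_len=30, min_entropy=3.5, min_ratio=0.8):
    """Flag (client, parent domain) pairs whose queries look like encoded payload.

    Thresholds are illustrative assumptions, to be tuned on your own traffic.
    """
    groups = defaultdict(lambda: {"subs": set(), "types": Counter()})
    for client, qname, qtype in queries:
        labels = qname.rstrip(".").lower().split(".")
        if len(labels) < 3:
            continue  # no subdomain part to carry data
        # Simplification: treat the last two labels as the registered domain.
        g = groups[(client, ".".join(labels[-2:]))]
        g["subs"].add("".join(labels[:-2]))
        g["types"][qtype] += 1
    flagged = []
    for key, g in groups.items():
        subs = g["subs"]
        if len(subs) < min_names:
            continue  # too few distinct names to judge
        avg_len = sum(map(len, subs)) / len(subs)
        avg_ent = sum(map(entropy, subs)) / len(subs)
        total = sum(g["types"].values())
        ratio = (g["types"]["CNAME"] + g["types"]["TXT"]) / total
        if avg_len >= min_len and avg_ent >= min_entropy and ratio >= min_ratio:
            flagged.append(key)
    return sorted(flagged)

def constructed_sample():
    """Constructed query log (client, qname, qtype); not captured traffic."""
    benign = [("10.0.0.5", n, t) for n, t in [
        ("www.corp.example", "A"), ("mail.corp.example", "A"),
        ("_dmarc.corp.example", "TXT"), ("intranet.corp.example", "A"),
        ("files.corp.example", "AAAA"), ("vpn.corp.example", "A")]]
    tunnel = []
    for i in range(8):  # 48-char base32 labels stand in for encoded payload
        blob = base64.b32encode(hashlib.sha256(bytes([i])).digest()[:30]).decode().lower()
        tunnel.append(("10.0.0.23", f"{blob}.tunnel-test.example", "TXT" if i % 2 else "CNAME"))
    return benign + tunnel

if __name__ == "__main__":
    print(find_tunnel_candidates(constructed_sample()))
```

Grouping by the last two labels is a simplification; a production version would use a public suffix list and allowlist known services that legitimately use long generated hostnames.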