[eddy12]

"Tunneling IP over DNS will be one of the biggest security risks of the future". Discuss.

N.B. This is a question from a past exam paper (BSc Computer Science) worth 20 marks.

Anyone? :)

[ITstudent2006]

There is not a specific answer to this discussion. It is just that a discussion hence the discuss at the end...

Beings this is a discussion that requires some knowledge I think I am safe to assume you're in an IT Sec class? If so, then shouldn't you know this or at least have a good idea on where to start?

One last point, please read our guidelines on homework...

[eddy12]

Thanks for your reply. I am of course aware there is no specific answer, however that is not to say there is no answer, hence the forum it is posted on, hence my question, and hence the fact it was on a past exam paper.

I am having trouble with the word 'future', I am aware of current risks, however I am unsure of any future risks.

One last point, thank you for the link to the guidelines on homework, it was very useful. I could have been searching for 5 minutes, without finding it...

One final point, please use a dictionary to understand the word 'homework'. This is not homework, this is a past exam question, i.e. revision.

Thank you for your help, and for a pointer in the right direction.

[NeedKarma]

One final point, please use a dictionary to understand the word 'homework'. This is not homework, this is a past exam question, i.e. revision.

That was a little condescending. Sorry if we can't take your word for it.

You say you're aware of the current risks, what are they?

[ITstudent2006]

Thanks for your reply. I am of course aware there is no specific answer, however that is not to say there is no answer, hence the forum it is posted on, hence my question, and hence the fact it was on a past exam paper.

I am having trouble with the word 'future', I am aware of current risks, however I am unsure of any future risks.

One last point, thank you for the link to the guidelines on homework, it was very useful. I could have been searching for 5 minutes, without finding it...

One final point, please use a dictionary to understand the word 'homework'. This is not homework, this is a past exam question, i.e. revision.

Thank you for your help, and for a pointer in the right direction.

Your sarcasm is overwhelmingly pathetic, your lack of self-control via verbal abuse with arrogant innuendos is also very immature and shows your true character.

If you are not satisfied with an answer than say so. I will explain what I mean and where to find things around here. Attacking me is the last thing you want to do. I can be your best friend or your worst enemy. At this point it's up to you to decide that.


I will help you with your question because NSTX is something that has always interested me. Let me ask you this. If you could, when would you use IP-over-DNS? Give me some examples...

[eddy12]

Thank you for your reply and no sarcasm this time, I promise :) I do apologise for my obnoxious reply, but I am stressed with my up and coming exams and when I saw your reply it really didn't help with the already high stress levels, nevertheless I apologise.

Some examples would be, tunnelling IP over DNS at an internet café or airport (to evade paying, or to avoid the annoyance of advertisements); and tunnelling at a workplace if port 80/443 were blocked (or to 'help' evade detection).

I say 'help' as dns traffic is not usually large (unless doing a zone transfer) so you'd have to send small bits of information to blend in and avoid detection. However, it could get flagged as large data (large buffer overflow) and suspicious traffic over dns. Content inspection could also flag up http traffic through port 53.

Running out of characters, continued...

[eddy12]

... You are very kind to still offer your advice. Although I feel undeserving of it, it would be stupid for me to turn it down.

NeedKarma: Check the link below it's a good presentation from avaya. I've also included a link to googles cache, in case you are understandably sceptical of my .ppt link

http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-kaminsky/bh-us-04-kaminsky.ppt

http://docs.google.com/viewer?a=v&q=cache:uKHZ1UtC6GwJ:www.blackhat.com/presentations/bh-usa-04/bh-us-04-kaminsky/bh-us-04-kaminsky.ppt+%22to+find+addresses+in+.doxpara.com, +and+.doxpara.com+says+where+to+find+%22&hl=en&gl= uk&pid=bl&srcid=ADGEESjsBKGk6HOIkYzMy9UiniFW3ecx7X 3jgGqLk65Ik03uZN3s-LiTuW-Yf1NnoaCpcmjyIXYWpoI5Ky3rdJySmzwSuamNfpZo0yl8RL7Mu l9ZgT-cOCoRwCtJ7W6f39g0ifk_vXoh&sig=AHIEtbSdVmu_kNNYiRXa wTOPOct5J-Tkug

[ITstudent2006]

Some examples would be, tunnelling IP over DNS at an internet cafe or airport (to evade paying, or to avoid the annoyance of advertisements); and tunnelling at a workplace if port 80/443 were blocked (or to 'help' evade detection).

Bingo... IP-over-DNS was first used to get around corporate firewalls/proxies and then discovered to work to get around services that require payment (ie: library, Airport, etc.. )

Now take what you have written above and dispurse security flaws to them. What would be security flaws of by-passing your corporate firewall/proxy?

As time goes on technology only gets more broad and more ways are discovered to get around something. As soon as something is created , someone else finds a way around it. With time NSTX (and like programs ie: iodine) will only get bigger and better, in turn causing more security risks to those intending to block traffic (until you pay or unless your in a corporate environment)

As mentioned above, Iodine, can now be used on the iPhone and Ipad to tunnel IP-over-DNS. As stated earlier the more time goes on the bigger this is all going to get.

[eddy12]

Security flaws or issues could be firstly in regards to confidentiality, company confidential or sensitive information could be leaked. Secondly, malware could be brought in (if the person is a rouge insider they may be able to disable AV, IPS etc, or the chances being they won't need to tut tut, or the organisation may have devices that cannot be patched). Thirdly, if there are many users that do not have access to browse the internet, and they were to use IP over DNS it could have a negative impact on any bandwidth SLA's, which could have course have many detrimental ramifications. Fourthly, they could be breaching other policies by accessing porn, etc.

Running out of characters, continued...

[eddy12]

... Are you suggesting that an appropriate way to answer this question if it were to come up in my exam, would be to state current issues BUT ALSO to state how they could get worse as time goes on in regards to advancements in NSTX and the widespread use of iphones coupled with the availability of Iodine on such devices?

Thank you for your time.

[ITstudent2006]

Well the question as stated by yourself is "one of the biggest security risks in the future" however, since this is a discussion question I would include why it is a security risk now, and why it will only increase in the future. This has to do with iodine and iPads and iPhones and their increasing capabilities.

As this technology (phones and tablets) increase in capabilities so does their security risks. IMO the reason it says in the future is because it is still an unknown thing. A lot of people don't really know about it. Again, as technology increases the capability will be realized thus creating more of a security risk.

[eddy12]

Excellent, thank you for your help.

[ITstudent2006]

Not a problem at all!

[Alexandre Fenyo]

IP over DNS security flaws are mainly linked with DATA EXFILTRATION. I mean that, for a company, giving Internet access to internal devices is a way to loose confidential data. Compared to giving Internet access to people not allowed to browse the Internet, this is a far serious flaw, I think.