...
As of LCOS 10.50 RC3, all DNS queries that pass through the LANCOM DNS forwarder are therefore subjected to a security check. This prevents data tunnels from being transported via DNS messages.
Companies and organisations usually allow the DNS protocol to pass through their firewall in both directions, because their employees have to access external websites. Customers and prospects, on the other hand, should be able to find the company's websites.
One way to attack a network via DNS takes advantage of this: the method of DNS tunneling. Here, DNS requests are used to implement a command and control channel for malware. Incoming DNS traffic transmits the commands to the malware, while outgoing DNS traffic can forward sensitive data, information, or responses to inquiries from the malware operators to the attacker. DNS tunneling can also be used to circumvent network regulations, for example to get around hotspot logins or to reach blocked services.
This works because the DNS protocol is very flexible. There are very few restrictions on the data that a DNS query contains, as it is designed to look up domain names for websites. Since almost anything can be a domain name, these fields can be used to convey sensitive information. The queries are designed to be sent to DNS servers that are controlled by the attackers, so that these servers can receive the queries and transmit data in the corresponding DNS responses.
Since numerous DNS tunneling tools are offered for download on the Internet, DNS tunneling attacks can be carried out quite easily. Even inexperienced attackers are thus able to smuggle data past the security devices of a network (e.g. a firewall) or, for example, to bypass the login to a (paid) WLAN hotspot without having to authenticate the requesting WLAN client.
The check is activated by default, but can be deactivated if required in the configuration in the menu DNS → Filter/Aliases → DNS Tunnel Filter. However, we recommend not deactivating the check.
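The following is an added illustration, not LANCOM code: the page does not describe how the LCOS filter decides, so this sketch only shows common signals a defender can look for in query names (very long labels, high-entropy labels, many distinct subdomains under one parent zone). The thresholds, function names and the zone `tunnel.example` are assumptions made for the example.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

# Thresholds are assumptions chosen for this illustration, not LCOS values.
MAX_LABEL_LEN = 40    # ordinary host labels are rarely this long
MIN_ENTROPY = 3.8     # bits per character; encoded payloads look close to random
MAX_UNIQUE_SUBS = 3   # distinct subdomains per parent zone in one observation window

def entropy(s):
    """Shannon entropy of a non-empty string in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def split_name(qname):
    """Return (subdomain part, parent zone). Naive: parent = last two labels, no public suffix list."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def suspicious_zones(qnames):
    """Map each flagged parent zone to the sorted reasons it looks like a tunnel endpoint."""
    reasons = defaultdict(set)
    subs_seen = defaultdict(set)
    for qname in qnames:
        sub, zone = split_name(qname)
        if not sub:
            continue
        subs_seen[zone].add(sub)
        if max(len(label) for label in sub.split(".")) > MAX_LABEL_LEN:
            reasons[zone].add("long-label")
        payload = sub.replace(".", "")
        if len(payload) >= 16 and entropy(payload) > MIN_ENTROPY:
            reasons[zone].add("high-entropy")
    for zone, subs in subs_seen.items():
        if len(subs) > MAX_UNIQUE_SUBS:
            reasons[zone].add("many-unique-subdomains")
    return {zone: sorted(r) for zone, r in reasons.items()}

def fake_chunk(i):
    """Constructed stand-in for one encoded data chunk (base32 of a hash, 52 characters)."""
    digest = hashlib.sha256(str(i).encode()).digest()
    return base64.b32encode(digest).decode().rstrip("=").lower()

# Constructed sample queries: ordinary lookups plus lookups that carry encoded data.
SAMPLE = ["www.example.com.", "mail.example.com.", "www.example.org."]
SAMPLE += [f"{fake_chunk(i)}.tunnel.example." for i in range(5)]

if __name__ == "__main__":
    print(suspicious_zones(SAMPLE))
```

Running such checks over resolver or forwarder logs complements the built-in filter; content delivery networks and some security products also use long, random-looking names, so flagged zones need review before blocking.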
...