On Robust Covert Channels Inside DNS

  • Lucas Nussbaum
  • Pierre Neyron
  • Olivier Richard
Conference paper

DOI: 10.1007/978-3-642-01244-0_5

Volume 297 of the book series IFIP Advances in Information and Communication Technology (IFIPAICT)
Cite this paper as:
Nussbaum L., Neyron P., Richard O. (2009) On Robust Covert Channels Inside DNS. In: Gritzalis D., Lopez J. (eds) Emerging Challenges for Security, Privacy and Trust. SEC 2009. IFIP Advances in Information and Communication Technology, vol 297. Springer, Berlin, Heidelberg


Covert channels inside DNS allow evasion of networks which only provide a restricted access to the Internet. By encapsulating data inside DNS requests and replies exchanged with a server located outside the restricted network, several existing implementations provide either an IP over DNS tunnel, or a socket-like service (TCP over DNS). This paper contributes a detailed overview of the challenges faced by the design of such tunnels, and describes the existing implementations. Then, it introduces TUNS, our prototype of an IP over DNS tunnel, focused on simplicity and protocol compliance. Comparison of TUNS and the other implementations showed that this approach is successful: TUNS works on all the networks we tested, and provides reasonable performance despite its use of less efficient encapsulation techniques, especially when facing degraded network conditions.

Download to read the full conference paper text

Copyright information

© IFIP International Federation for Information Processing 2009

Authors and Affiliations

  • Lucas Nussbaum
    • 1
  • Pierre Neyron
    • 2
  • Olivier Richard
    • 3
  1. 1.LIP, ENS LyonFrance
  2. 2.INRIAFrance
  3. 3.Laboratoire d’Informatique de GrenobleFrance