On Robust Covert Channels Inside DNS

  • Lucas Nussbaum
  • Pierre Neyron
  • Olivier Richard
Conference paper
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 297)


Covert channels inside DNS allow evasion of networks which only provide a restricted access to the Internet. By encapsulating data inside DNS requests and replies exchanged with a server located outside the restricted network, several existing implementations provide either an IP over DNS tunnel, or a socket-like service (TCP over DNS). This paper contributes a detailed overview of the challenges faced by the design of such tunnels, and describes the existing implementations. Then, it introduces TUNS, our prototype of an IP over DNS tunnel, focused on simplicity and protocol compliance. Comparison of TUNS and the other implementations showed that this approach is successful: TUNS works on all the networks we tested, and provides reasonable performance despite its use of less efficient encapsulation techniques, especially when facing degraded network conditions.


Packet Loss Covert Channel Upload Bandwidth Protocol Compliance Network Emulation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
  2. 2.
  3. 3.
  4. 4.
  5. 5.
    RFC 1035: Domain names - implementation and specificationGoogle Scholar
  6. 6.
    RFC 2671: Extension mechanisms for DNS (EDNS0)Google Scholar
  7. 7.
    RFC 3095: ROHC framework and four profiles: RTP, UDP, ESP, and uncompressedGoogle Scholar
  8. 8.
    Llamas, D., Allison, C., Miller, A.: Covert channels in internet protocols: A survey. In: 6th Annual Postgraduate Symposium about the Convergence of Telecommunications, Networking and Broadcasting (2005)Google Scholar
  9. 9.
    Lucena, N., Lewandowski, G., Chapin, S.: Covert channels in iPv6. In: Danezis, G., Martin, D. (eds.) PET 2005. LNCS, vol. 3856, pp. 147–166. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  10. 10.
    Mejia-Nogales, J.L., Vidal-Beltran, S., Lopez-Bonilla, J.L.: Design and implementation of a secure access system to information resources for ieee 802.11 wireless networks. In: CERMA 2006: Proceedings of the Electronics, Robotics and Automotive Mechanics Conference (CERMA 2006) (2006)Google Scholar
  11. 11.
    Ray, B., Mishra, S.: Secure and reliable covert channel. In: CSIIRW 2008: Proceedings of the 4th annual workshop on Cyber security and informaiton intelligence research (2008)Google Scholar
  12. 12.
    Rowland, C.H.: Covert channels in the TCP/IP protocol suite. First Monday 2(5) (1997)Google Scholar
  13. 13.
    Zanders, S., Armitage, G., Branch, P.: Covert channels and countermeasures in computer network protocols. IEEE Communications Magazines 45(12) (2007)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2009

Authors and Affiliations

  • Lucas Nussbaum
    • 1
  • Pierre Neyron
    • 2
  • Olivier Richard
    • 3
  1. 1.LIP, ENS LyonFrance
  2. 2.INRIAFrance
  3. 3.Laboratoire d’Informatique de GrenobleFrance

Personalised recommendations