A Comparative Performance Evaluation of DNS Tunneling Tools

  • Alessio Merlo
  • Gianluca Papaleo
  • Stefano Veneziano
  • Maurizio Aiello
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6694)

Abstract

DNS Tunnels are built through proper tools that allow embedding data on DNS queries and response. Each tool has its own approach to the building tunnels in DNS that differently affects the network performance. In this paper, we propose a brief architectural analysis of the current state-of-the-art of DNS Tunneling tools. Then, we propose the first comparative analysis of such tools in term of performance, as a first step towards the possibility to relate each tool with a proper behavior of DNS traffic. To this aim, we define an assessment of the tools in three different network configurations with three different performance metrics. We finally summarize the most interesting results and provide some considerations on the performance of each tool.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Llamas, D., Allison, C., Miller, A.: Covert Channels in Internet Protocols:A Survey. In: 6th Annual Postgraduate Symposium about Convergence of Telecommunications, Networking and Broadcasting (2005)Google Scholar
  2. 2.
    Rowland, C.H.: Covert channels in the TCP/IP Protocols Suite. First Monday 2(5) (1997)Google Scholar
  3. 3.
    Zander, S., Armitage, G., Branch, P.: Covert channels and countermeasuresin computer network protocols. IEEE Communication Magazine 45(12) (2007)Google Scholar
  4. 4.
    Freire, E.P., Ziviani, A., Salles, R.M.: Detecting Skype flowsin Web traffic. In: Network Operations and Management Symposium, NOMS 2008, April 7-11, pp. 89–96. IEEE, Los Alamitos (2008), doi:10.1109/NOMS.2008.4575121CrossRefGoogle Scholar
  5. 5.
    Liberatore, M., Levine, B.N.: Inferring the source of encrypted HTTP connections. In: Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS 2006), pp. 255–263. ACM, New York (2006)Google Scholar
  6. 6.
    Hopper, N., Vasserman, E.Y., Chan-Tin, E.: How much anonymitydoes network latency leak? In: Proc. of the 14th ACM Conf. on Computer and Communications Security, CCS 2007 (2007)Google Scholar
  7. 7.
    Xu, K., Zhang, Z., Bhattacharyya, S.: Profiling internet backbone traffic: behavior models and applications. SIGCOMM Comput. Commun. Rev. 35(4), 169–180 (2005)CrossRefGoogle Scholar
  8. 8.
    Wright, C.V., Monrose, F., Masson, G.M.: On Inferring ApplicationProtocol Behaviors in Encrypted Network Traffic. J. Mach. Learn. Res. 7, 2745–2769 (2006)MathSciNetMATHGoogle Scholar
  9. 9.
    Karasaridis, A., Meier-Hellstern, K., Hoein, D.: Detection of DNS Anomalies using Flow Data Analysis. In: Global TelecommunicationsConference, GLOBECOM 2006, November 27 -December 1, pp. 1–6. IEEE, Los Alamitos (2006), doi:0.1109/GLOCOM.2006.280Google Scholar
  10. 10.
    Born, K., Gustafson, D.: Detecting DNS Tunnels Using Character Frequency Analysis. In: Proceedings of the 9th Annual Security Conference, LasVegas, NV, April 7-8 (2010)Google Scholar
  11. 11.
    van Leijenhorst, T., Lowe, D., Chin, K.-W.: On the Viability and Performance of DNS Tunneling. In: The 5th International Conference on InformationTechnology and Applications (ICITA 2008), Cairns, Australia, June 23-26 (2008)Google Scholar
  12. 12.
    Nussbaum, L., Neyron, P., Richard, O.: On Robust Covert ChannelsInside DNS. Emerging Challenges for Security, Privacy and Trust. In: IFIPAdvances in Information and Communication Technology. Springer, Boston (2009)Google Scholar
  13. 13.
    NSTX (October 2003), http://nstx.sourceforge.net/
  14. 14.
  15. 15.
    Iodine (February 2010), http://code.kryo.se/iodine/
  16. 16.
  17. 17.
  18. 18.
  19. 19.
  20. 20.
  21. 21.

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Alessio Merlo
    • 1
    • 2
  • Gianluca Papaleo
    • 2
  • Stefano Veneziano
    • 2
  • Maurizio Aiello
    • 2
  1. 1.Dipartimento di Informatica, Sistemistica e Telematica (DIST)University of GenovaGenovaItaly
  2. 2.Istituto di Elettronica ed Ingeneria dell’Informazione e delle Telecomunicazioni (IEIIT-CNR)GenovaItaly

Personalised recommendations