Abstract
DNS tunnels are built with dedicated tools that embed data in DNS queries and responses. Each tool takes its own approach to building tunnels over DNS, and each approach affects network performance differently. In this paper, we present a brief architectural analysis of the current state of the art in DNS tunneling tools. We then present the first comparative analysis of these tools in terms of performance, as a first step towards relating each tool to a specific behavior of DNS traffic. To this end, we assess the tools in three different network configurations using three different performance metrics. Finally, we summarize the most interesting results and offer some considerations on the performance of each tool.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Merlo, A., Papaleo, G., Veneziano, S., Aiello, M. (2011). A Comparative Performance Evaluation of DNS Tunneling Tools. In: Herrero, Á., Corchado, E. (eds) Computational Intelligence in Security for Information Systems. Lecture Notes in Computer Science, vol 6694. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21323-6_11
DOI: https://doi.org/10.1007/978-3-642-21323-6_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21322-9
Online ISBN: 978-3-642-21323-6
eBook Packages: Computer Science, Computer Science (R0)