Methods and tools exist that use DNS packets to smuggle in data and avoid checks, for example by the firewall. This data tunnel can then be used to transport any data via the DNS protocol. Although this method conforms to the protocol’s standards, the establishment of these tunnels should be prevented under certain circumstances. The data tunnels are detected according to certain characteristics or properties of the DNS packets.
LANconfig:
Command prompt:
- Activated
- The tunnel filter can be switched on and off with this switch.
- Minimum TTL
- Minimum TTL after which resource records are accepted. If a record (with the exception of A and AAAA) has a smaller TTL, the entire packet is discarded. Area: 0-99; Default: 5
- Address limit
- Maximum number of A and AAAA records with a TTL smaller than the minimum TTL that are still accepted before the complete packet is discarded. Area: 0-99; Default: 3
