312-50V11 · Question #314
Which of the following is a client-server tool utilized to evade firewall inspection?
The correct answer is A. tcp-over-dns. tcp-over-dns tunnels TCP traffic inside DNS queries and responses, allowing data to bypass firewalls that permit DNS traffic.
Question
Which of the following is a client-server tool utilized to evade firewall inspection?
Options
- Atcp-over-dns
- Bkismet
- Cnikto
- Dhping
How the community answered
(45 responses)- A93% (42)
- C2% (1)
- D4% (2)
Why each option
tcp-over-dns tunnels TCP traffic inside DNS queries and responses, allowing data to bypass firewalls that permit DNS traffic.
tcp-over-dns is a client-server tunneling tool that encapsulates TCP payloads within DNS protocol packets, exploiting the fact that most firewalls and perimeter devices allow outbound DNS (UDP/TCP port 53). Because the traffic appears as legitimate DNS communication, deep-packet firewall inspection is evaded. A DNS server component decapsulates and forwards the traffic on the attacker-controlled side.
Kismet is a wireless network detector and packet sniffer, not a tool for tunneling traffic through firewalls.
Nikto is a web server vulnerability scanner, not a firewall evasion or tunneling tool.
hping is a packet crafting and port scanning utility; while it can manipulate packets, it is not a client-server DNS tunneling tool designed specifically for firewall evasion.
Concept tested: DNS tunneling for firewall evasion
Source: https://www.sans.org/reading-room/whitepapers/dns/detecting-dns-tunneling-34152
Topics
Community Discussion
No community discussion yet for this question.