Remember that a few months ago I posted a piece via Engadget about Cisco’s Talos team finding bot control traffic in DNS data. Now MDSec has produced and published proof-of-concept code for this. MDSec is a security consulting and education company based in the UK. They publish the Web and Mobile Application Hacker’s Handbook series.
DNS is able to carry information through firewalls because it is a necessary part of the Internet infrastructure. It is also very extensible, allowing different uses of some of its fields. This means that it passes through firewalls with little or no checking, and it can carry all sorts of legitimate payloads, such as Application Signalling, as well as the malicious traffic that Talos spotted.
It is now becoming important to use tools that can capture and sanitize DNS queries within a network.
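As an added example of what such capture and inspection can look like in practice (this is not code from the post, from Talos or from MDSec), the following Python script runs a few common heuristics over a constructed DNS query log: it flags queries whose leftmost label is unusually long or has high character entropy (the signature of encoded data), notes bulky record types such as TXT, and only reports a client/zone pair once it has produced several distinct flagged subdomains. The log format, thresholds and domain names are assumptions for illustration; the thresholds in particular would need tuning against a real network's baseline.

```python
import math
import re
from collections import defaultdict

# Constructed sample query log (not from the post): "epoch client qname qtype".
# The first lines are ordinary lookups; the remaining ones mimic a client
# encoding data into long, high-entropy subdomain labels under one zone.
SAMPLE_LOG = """\
1700000000 10.0.0.5 www.example.com A
1700000001 10.0.0.5 mail.example.com MX
1700000002 10.0.0.5 cdn.example.net A
1700000003 10.0.0.7 mfzq9x2k7c4p1vw8hbt3ysldn0aeg5ju.t.example-zone.test TXT
1700000004 10.0.0.7 k3s8dp0wxq6lc1zyn4fh2bvm9gr7taeu.t.example-zone.test TXT
1700000005 10.0.0.7 p7h1ybqz4x9mkwd3lcs0vtn8fjr2ga6e.t.example-zone.test TXT
1700000006 10.0.0.7 w0cx5rzq3v1byk8mhnl7dp4fsg9jt2ae.t.example-zone.test TXT
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+(\S+)$")

# Heuristic thresholds (assumed values; tune to the network's own baseline).
MAX_LABEL_LEN = 30           # real hostnames rarely have labels this long
MIN_ENTROPY = 3.5            # bits per character; encoded data is near-random
MIN_QUERIES_PER_CLIENT = 3   # distinct flagged subdomains from one client to one zone


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or uniform string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_log(text: str) -> list:
    """Parse the constructed log lines into dicts; lines that don't match are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, qname, qtype = m.groups()
            rows.append({"ts": int(ts), "client": client,
                         "qname": qname.lower().rstrip("."), "qtype": qtype.upper()})
    return rows


def registered_zone(qname: str, depth: int = 2) -> str:
    """Crude zone key: the last `depth` labels (a public-suffix list would do better)."""
    return ".".join(qname.split(".")[-depth:])


def query_flags(qname: str) -> list:
    """Per-query indicators that the leftmost label looks like encoded data."""
    first = qname.split(".")[0]
    flags = []
    if len(first) > MAX_LABEL_LEN:
        flags.append("long_label")
    if shannon_entropy(first) > MIN_ENTROPY:
        flags.append("high_entropy")
    return flags


def detect_tunnel_candidates(text: str) -> dict:
    """
    Group flagged queries by (client, zone). A pair is reported once it has
    produced at least MIN_QUERIES_PER_CLIENT distinct flagged subdomains.
    Returns {(client, zone): {"count": n, "flags": sorted list of indicators}}.
    """
    buckets = defaultdict(lambda: {"names": set(), "flags": set()})
    for row in parse_log(text):
        flags = query_flags(row["qname"])
        if not flags:
            continue
        key = (row["client"], registered_zone(row["qname"]))
        buckets[key]["names"].add(row["qname"])
        buckets[key]["flags"].update(flags)
        if row["qtype"] in ("TXT", "NULL"):
            buckets[key]["flags"].add("bulky_qtype")
    return {k: {"count": len(v["names"]), "flags": sorted(v["flags"])}
            for k, v in buckets.items() if len(v["names"]) >= MIN_QUERIES_PER_CLIENT}


if __name__ == "__main__":
    for (client, zone), info in detect_tunnel_candidates(SAMPLE_LOG).items():
        print(f"{client} -> {zone}: {info['count']} suspicious queries, flags={info['flags']}")
```

Run stand-alone, the script reports only the 10.0.0.7 client talking to example-zone.test; the three ordinary lookups produce no flags at all. Real deployments would feed this from a resolver log or packet capture, add per-client query rate over time, and whitelist legitimate services that also use long labels (some CDNs and anti-spam checks do), since any single heuristic here will produce false positives on its own.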