icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

DNS Tunneling Server Detection (HTTP)

Info

Synopsis

The remote client appears to be a server that is used to tunnel traffic.

Description

The remote client appears to be a server that is used to tunnel traffic. There are a number of DNS tunneling clients that allow internal hosts to bypass firewall and proxy inspection.

Solution

Manually inspect both traffic and client to ensure that such usage is in alignment with existing policies and guidelines.