Dns2TCP Service Detection

info Nessus Plugin ID 34325

Synopsis

A network service is listening on the remote host.

Description

The remote service supports the DNS-to-TCP protocol. This protocol hides network traffic protocols by embedding the traffic within seemingly innocuous DNS queries. This service can be used to bypass firewalls or proxies by obfuscating the true protocol within the DNS protocol.

Solution

Ensure that such services are allowed with respect network policies and guidelines. Limit incoming traffic to this port if desired.

See Also

https://www2.deloitte.com/fr/fr/pages/risque-compliance-et-controle-interne/articles/cyber-academy.html/ressources/outils/dns2tcp/index.html.en

Plugin Details

Severity: Info

ID: 34325

File Name: dns2tcp_detect.nasl

Version: 1.13

Type: remote

Family: DNS

Published: 10/2/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Asset Inventory: true

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:hsc:dns2tcp