DNS Tunneling Client Detection (port 80 non-TCP)

Info Nessus Network Monitor Plugin ID 4969


The remote client appears to be a server that is used to tunnel traffic.


The remote client appears to be tunneling traffic over a DNS server. There are a number of DNS tunneling clients that allow internal hosts to bypass firewall and proxy inspection.


Manually inspect both traffic and client to ensure that such usage is in alignment with existing policies and guidelines.

Plugin Details

Severity: Info

ID: 4969

Family: Policy

Published: 2009/03/25

Modified: 2015/06/01

Risk Information

Risk Factor: Info