DNS Tunneling Client Detection (port 25 non-tcp)
Info Nessus Network Monitor Plugin ID 4975
SynopsisThe remote client appears to be tunneling traffic over a DNS server.
DescriptionThe remote client appears to be tunneling traffic over a DNS server. There are a number of DNS tunneling clients that allow internal hosts to bypass firewall and proxy inspection.
SolutionManually inspect both traffic and client to ensure that such usage is in alignment with existing policies and guidelines.