Black Ops of DNS
Toorcon 2004

Your Friendly Investigator

The Subject Of Our Investigation

The Nature Of Our Investigation

The Totally Expected And Well Known Homology Within The Structure of DNS

Arbitrary Data Detail

Unexpected Homologies Within The Structure of DNS

Pause for Impact

Weapon of Choice

DNS Tunneling[0]:  Starting Simple

DNS Tunneling[1]:  Who’s doing it?

DNS Tunneling[2]: Another Approach

DNS Tunneling[3]: Problems

DNS Tunneling[4]: Mini-HTTP

DNS Tunneling[5]:  Routing through droute

So Egress Is Feasible…

Alice Wears Two Hats.

DNS Source Routing[0]: The Problem At Hand

DNS Source Routing[1]: HOWTO

DNS Source Routing[2]: The Easy Fix?

DNS Source Routing[3]: Induced Recursion

DNS Source Routing[4]: Recursion-As-Route Intro

DNS Source Routing[5]: Recursion-As-Route Continues

Aside:  Don’t just log the PTR name, please.

More Risks of Open Recursion

Single-Bit Data Transfer[0]: HOWTO

Single-Bit Data Transfer[1]:  Implications

Last Modified over DNS[0]

Last Modified over DNS[1]

Domaincast[0]

Domaincast[1]

Domaincast[2]

But What Of Streams?

KDNS[0]

KDNS[1]

KDNS[2]

KDNS[3]

Conclusions