When the DNS becomes a "Backdoor"

One of the major risks faced by the majority of private and public companies is, of course, data theft.

In practice, the DNS proves to be an asset for cyber criminals to carry out their plan. Because we usually find that it is almost never inspected during security checks.

This article will also interest you: Would Firefox's DNS-over-HTTPS (DoH) be bad?

"The DNS can be seen as a globally deployed routing and cache network that connects both the public and private Internet. according to Dan Kaminsky. That is why we are questioning the safety of the DNS. Isn't it a gateway for hackers to access important, even sensitive, data?

in practical yes this is totally possible. Because despite the different modern strategies used by companies to secure their information systems, cyber criminals still have the right to infiltrate them through the DNS. Through which, they inject codes malicious, steal data or hijack traffic.

But first let's try to determine the different ways for hackers to take advantage of the DNS vulnerabilities

1- The theft of sensitive data

Regarding the use of DNS for data exfiltration Jacques Macherel, CEO eb-Qual SA, noted: "In the case of a attempt to exfiltration of data, the drastic increase in queries exit from the network should make it easy to detect transport maltention of data. However, this is not always the case because, in order to avoid cybercriminals are full of tricks, such as the 'Slow Drip," where the sending of queries to the DNS is slowed down in order to remain discreet and Don't trigger an alert or the spoofing of IP addresses, where the IP source is rewritten in the queries, giving the impression that these come from different customers. A network security that works should be able to prevent this at the switch ports, but this is not often not the case. »

2- Fraudulent access to networks

To place malicious codes in their system hackers also have the opportunity to use the DNS for that. If they are competent, they will even be able to manipulate the codes in such a way that to fraudulently gain access to the network and take action in principle reserved for administrators.

3- The DNS Tunneling

this concept is defined by our expert Jacques Macherel. For him: "Tunneling is the method encodes data from another program or protocol in queries or DNS responses. ». He will then add, "Tunneling often includes malicious code that can be used to attack the DNS server and to remotely control servers and applications. ». In general, he said, hackers use the traffic generated IP protocol via the DNS 53 port, allowing them to exploit certain data. "Port 53 is not generally not verified by Firewalls, this is also often the case for firewalls Next-generation Firewall. In addition, various tools available on Internet (Iodine, SplitBrain, etc.) allow the use of tunneling mischievously without the need for much-needed knowledge in the field. » Explain.

On the other hand, we know that detecting DNS attacks is not easy. Especially with passive equipment. Fortunately, this failure can be addressed. Indeed, there are special solutions and even specialists to increase the security base of your data. In addition, manufacturers are increasingly beginning to put in place tools to predict the forms of DNS infringement, thus ensuring the first form of barrier to the use of these tools as a backdoor.

Now access an unlimited number of passwords: