DNS filter for DNS data tunnels

Methods and tools exist that use DNS packets to smuggle data past checks, for example those of a firewall. Such a data tunnel can then be used to transport arbitrary data over the DNS protocol. Although this method conforms to the protocol standard, the establishment of these tunnels should be prevented under certain circumstances. The tunnel filter detects data tunnels by certain characteristics or properties of the DNS packets, in particular the TTL values of the resource records they carry.

LANconfig: DNS > Filter/Aliases > DNS tunnel filter

Command prompt: Setup > DNS > Tunnel-Filter

Activated
The tunnel filter can be switched on and off with this switch.
Minimum TTL
Minimum TTL below which resource records are not accepted. If a record (with the exception of A and AAAA records) has a smaller TTL, the entire packet is discarded. Range: 0-99; Default: 5
Address limit
Maximum number of A and AAAA records with a TTL smaller than the minimum TTL that are still accepted before the complete packet is discarded. Range: 0-99; Default: 3
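The two parameters above define a per-packet rule. As an added example (not LANCOM code and not the router's implementation), the following Python re-creates that rule over DNS response messages in wire format, so the effect of Minimum TTL and Address limit can be tried on constructed packets. Assumptions: records in the answer, authority and additional sections are all checked; a packet is discarded as soon as a non-A/AAAA record has a TTL below the minimum, or as soon as more than `address_limit` A/AAAA records with a low TTL have been seen (the page does not say whether the limit itself is "more than" or "at least", so "more than" is an assumption here). The `build_response` helper only constructs sample packets for the demonstration.

```python
"""
Added example: TTL-based DNS tunnel filter as described on the page,
re-created here in Python. Not LANCOM code; the exact comparison rules
(see comments) are assumptions.
"""
import struct

TYPE_A, TYPE_AAAA, TYPE_TXT = 1, 28, 16


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = msg[off]
        if length == 0:                 # root label terminates the name
            return off + 1
        if length & 0xC0 == 0xC0:       # compression pointer: 2 bytes, ends the name
            return off + 2
        off += 1 + length


def parse_record_ttls(msg: bytes) -> list[tuple[int, int]]:
    """Return (rtype, ttl) for every RR in the answer, authority and additional sections."""
    qdcount, ancount, nscount, arcount = struct.unpack_from("!HHHH", msg, 4)
    off = 12                            # fixed DNS header size
    for _ in range(qdcount):
        off = _skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    records = []
    for _ in range(ancount + nscount + arcount):
        off = _skip_name(msg, off)
        rtype, _rclass, ttl, rdlength = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlength            # 10 bytes of fixed RR fields plus RDATA
        records.append((rtype, ttl))
    return records


def tunnel_filter_verdict(msg: bytes, activated: bool = True,
                          min_ttl: int = 5, address_limit: int = 3) -> str:
    """Apply the documented filter to one DNS message; returns 'accept' or 'discard'.

    Defaults mirror the page (Minimum TTL 5, Address limit 3).
    Assumption: the packet is discarded once MORE THAN address_limit
    A/AAAA records with TTL < min_ttl have been seen.
    """
    if not activated:
        return "accept"
    low_ttl_addresses = 0
    for rtype, ttl in parse_record_ttls(msg):
        if ttl >= min_ttl:
            continue
        if rtype in (TYPE_A, TYPE_AAAA):
            low_ttl_addresses += 1
            if low_ttl_addresses > address_limit:
                return "discard"
        else:                           # any other low-TTL record type ends the check
            return "discard"
    return "accept"


# --- helpers to construct sample packets (constructed test data, not captures) ---

def _encode_name(name: str) -> bytes:
    return b"".join(bytes([len(label)]) + label.encode() for label in name.split(".")) + b"\x00"


def build_response(qname: str, records: list[tuple[int, int, bytes]]) -> bytes:
    """Build a minimal DNS response: one A question plus the given (rtype, ttl, rdata) answers."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, len(records), 0, 0)
    question = _encode_name(qname) + struct.pack("!HH", TYPE_A, 1)
    body = b""
    for rtype, ttl, rdata in records:
        # 0xC00C = compression pointer back to the question name at offset 12
        body += b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata
    return header + question + body


# Constructed samples: an ordinary answer, a low-TTL TXT answer, and many low-TTL A records.
NORMAL = build_response("example.com", [(TYPE_A, 300, bytes([192, 0, 2, 1]))])
LOW_TTL_TXT = build_response("example.com", [(TYPE_TXT, 1, b"\x05hello")])
FOUR_LOW_A = build_response("example.com", [(TYPE_A, 0, bytes([192, 0, 2, i])) for i in range(1, 5)])
THREE_LOW_A = build_response("example.com", [(TYPE_A, 0, bytes([192, 0, 2, i])) for i in range(1, 4)])

if __name__ == "__main__":
    for label, pkt in [("normal", NORMAL), ("low-ttl txt", LOW_TTL_TXT),
                       ("four low-ttl A", FOUR_LOW_A), ("three low-ttl A", THREE_LOW_A)]:
        print(f"{label:16s} -> {tunnel_filter_verdict(pkt)}")
```

Running the block shows that a normal answer and three low-TTL address records pass, while a single low-TTL TXT record or a fourth low-TTL address record causes the whole packet to be discarded. Legitimate services that publish many low-TTL addresses (load balancing, failover) can trip the Address limit, which is why it is configurable rather than fixed.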

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de
