NXDOMAIN data leakage prevention
Chris
Public2 at xymox1.com
Mon Oct 1 11:03:47 UTC 2018
I was reading a disturbing article on ways that DNS can be used to get
data past firewalls and for malicious programs to communicate with a
command and control center via DNS NXDOMAIN.
Right off hand I dont see a way to block this ? Looking at my NXDOMAIN
lookups its quite pervasive and coming from a large number of sources.
Its clearly being used by A LOT of people.
Is there a way I can use Unbound to mitigate this threat ? This is a
serious issue because i don't see how to block this.
https://www.plixer.com/blog/detecting-malware/security-vendors-teaching-bad-actors-how-to-get-past-firewalls/
More information about the Unbound-users
mailing list