Information Technology Reference
In-Depth Information
•
TUNS.
It shows the lower performance in all configurations. Throughput and RTT
are too low and too high, respectively, making hard its use for building channels
exploitable by real applications. However, it shows a good overhead value and, dif-
ferently from the other tools, its performance and design characteristics make it
particularly reliable in choke networks.
•
OzyManDNS.
We were not able to assess the performance of OzyManDNS since
it has revealed to be too buggy for an exhaustive evaluation. In particular, each test
had crashed after few seconds. Thus, we argue that this tool is too unstable to be
effectively used in real scenarios.
Fig. 3.
A throughput test in the NAT configuration
6 Conclusions and Future Works
In this paper we have comparatively analyzed the characteristics of the current state-
of-the-art in DNS Tunneling tools, providing both a testing environment and a brief
and global analysis of the whole set of results. Such analysis allowed us to relate a
relationship among values of the test metrics to a proper tool. Further work will re-
gard the exhaustive and detailed analysis of the results and a behavioral analysis of
the tools for intrusion detection and security purposes.
References
[1]
Llamas, D., Allison, C., Miller, A.: Covert Channels in Internet Protocols:A Survey. In:
6th Annual Postgraduate Symposium about Convergence of Telecommunications,
Networking and Broadcasting (2005)
[2]
Rowland, C.H.: Covert channels in the TCP/IP Protocols Suite. First Monday 2(5) (1997)
[3]
Zander, S., Armitage, G., Branch, P.: Covert channels and countermeasuresin computer
network protocols. IEEE Communication Magazine 45(12) (2007)
Search WWH ::
Custom Search