In practical terms, a DNS covert channel can be used to send logs invisibly from
branch systems to a centralized SecSyslog server at another site miles away, by
simply 'bouncing' the data off the DNS at the second branch's premises. What better
solution to send syslog messages between geographically distant locations
transparently and almost invisibly? What better way to hide a data flow than passing under
the nose of anyone wishing to intercept the messages?
Such considerations explain why sending logs with SecSyslog via a covert channel
is so powerful, and why DNS tunneling provides an excellent solution to the problem.
5.7 Suggested Implementation
Figure 10 shows a rough diagram of how the SecSyslog project might work. Below
we describe the problems faced and the solutions that we are examining to resolve
them. As the project is still only at the design stage, these might not be the best or
most workable solutions, but they illustrate a possible application of DNS to establish
a covert channel.
Fig. 10. Project.