DNS Tunnelling: What is it and How Can it be Avoided?

First, let's deal with what exactly a Domain Name System (DNS) is. DNS, also known as the phone book of the internet, maintains a varied database of networks, names and addresses, and provides computers with a means to remotely query, or in simple words access, that database. DNS converts names and addresses into an Internet Protocol (IP) address, which is in a machine-friendly form, so that computers can reach the website based on its IP address. When you type in any site's web address, your Internet Service Provider looks up the domain name associated with it, converts the address into an IP address for the computer to read and then directs you to the associated website.

What DNS Tunnelling or hacking does is, instead of directing the user to the website pertaining to the typed address, alter the IP setting and point to an unauthorised DNS server, thereby altering the user's DNS settings. In simple words, the attacker now takes control of the DNS server and can redirect you to any site he wants, irrespective of the domain name or the IP address. This is why DNS Tunnelling is sometimes referred to as DNS redirection.

Problems regarding DNS hacking were quite common at the start of the internet, and though today DNS is quite robust and secure, there is still a chance of an attacker finding a way in, which can cause the user great problems.

The dangers that DNS Tunnelling poses are:

  • The first kind is where the attacker hacks into the DNS server and redirects the user to a fake website, generally one with more advertisements and pop-ups. This is done by the hackers to generate advertising revenue.
  • The second one is rather more dangerous, as it results in user data and personal information being leaked. Attackers redirect the user to a site whose design is similar to the one the user requested, tricking the user into giving away details and personal information.

Apart from the above-mentioned dangers, DNS tunnelling is sometimes also used by service providers for branding and to collect statistical data. This may not pose any threat to the user, but it is still a violation of user privacy and internet policies.

How DNS Tunnelling can be avoided

Today a lot of care is taken to make DNS more secure and robust, and companies are ready to spend millions of dollars so that their data is secured and their customers don't have to face any inconvenience. Still, there is always a chance that someone can find a way in, so here are a few things that can be done to avoid DNS tunnelling:

  • The most common technique that attackers use is malware and programs offered as free utilities on websites. To stay protected, users should not browse and download free software from websites that are not trusted.
  • Users should change the default password that the router comes with, as attackers can use this password to change the router settings and gain control of the DNS control panel. Installing good antivirus software and keeping it updated also helps to keep the computer secure and free from hijacking.
  • What companies can do to limit DNS tunnelling is program the server so that it only responds to requests for domain addresses that are present in the domain name database. If the DNS server responds to every request from any domain, it makes the server vulnerable and open to threats. Even for internal DNS servers, only requests coming from authorised computers should be answered.
  • Use the services of a professional company such as BlueCat, who can keep your DNS services up 24/7 while using sophisticated security systems.

The methods discussed above are just a few of the many techniques that can be used to avoid DNS Tunnelling. Users should also keep a check on the DNS settings and make sure that blacklisted domain names are not being used by the server.
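
The check on the DNS settings mentioned above can be automated. The following is an added example, not part of the original article: it parses resolv.conf-style text and reports every configured DNS server that is not on an approved list. The approved addresses and the sample file contents are constructed for illustration.

```python
import ipaddress

# Assumption: the resolvers this network is supposed to use
# (addresses taken from the documentation ranges).
APPROVED_RESOLVERS = {"192.0.2.53", "2001:db8::53"}

# Constructed sample of resolv.conf contents after an unwanted change.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client
search corp.example
nameserver 192.0.2.53
nameserver 203.0.113.66   # not in the approved set
nameserver 2001:DB8:0:0::53
options timeout:2
"""


def parse_nameservers(text):
    """Return the nameserver entries found in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        # Strip comments introduced by '#' or ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            # Drop an IPv6 zone id (fe80::1%eth0) and normalise the spelling,
            # so 2001:DB8:0:0::53 compares equal to 2001:db8::53.
            servers.append(str(ipaddress.ip_address(fields[1].split("%", 1)[0])))
        except ValueError:
            # Keep malformed entries verbatim so they are reported, not hidden.
            servers.append(fields[1])
    return servers


def unexpected_resolvers(text, approved):
    """Return configured DNS servers that are not on the approved list."""
    approved_norm = {str(ipaddress.ip_address(a)) for a in approved}
    return [s for s in parse_nameservers(text) if s not in approved_norm]


if __name__ == "__main__":
    for server in unexpected_resolvers(SAMPLE_RESOLV_CONF, APPROVED_RESOLVERS):
        print("unexpected DNS server configured:", server)
```

On a real host the text would come from the system's resolver configuration, and the approved list from whoever administers the network.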
