Interesting, the DNSSEC records with their by definition random and large content seem to be the most interesting vehicle, at least at first sight.
Will e.g. the Google DNS server or any other resolver deliver and fetch this data? At the moment I can't think of any reason it should not do so. To really block this, I think you would need to actually verify the correctness of the data.

On 17-06-2018 08.43, Blason R wrote:
> Hi Team,
>
> Can someone please guide if DNS exfiltration techniques can be
> identified using DNS RPZ? Or do I need to install any other third
> party tool like IDS to identify the DNS beacon channels.
>
> Has anyone used DNS RPZ to block/detect data exfiltration?
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
Best regards

Sten Carlsen

No improvements come from shouting: "MALE BOVINE MANURE!!!"