Are you sure you don’t mean rogue connections?

From: [email protected] [mailto:[email protected]] On Behalf Of Micheal Espinola Jr
Sent: Friday, October 16, 2015 8:17 PM
To: [email protected]
Subject: Re: [NTSysADM] C2 tunneling over DNS

Anything can be "tunneled". In this case, restrict DNS to specific servers (internal and/or external) to prevent rouge connections.

--
Espi

On Fri, Oct 16, 2015 at 7:59 PM, Richard Stovall <[email protected]> wrote:

I had not heard of this before.

https://zeltser.com/c2-dns-tunneling/

How in the world can most SMBs ever begin to beat back this kind of stuff?
