The red ones are easier to spot

From: [email protected] [mailto:[email protected]] On Behalf Of Heaton, Joseph@Wildlife
Sent: Monday, October 19, 2015 10:25 AM
To: '[email protected]'
Subject: RE: [NTSysADM] C2 tunneling over DNS

Are you sure you don’t mean rogue connections?

From: [email protected] [mailto:[email protected]] On Behalf Of Micheal Espinola Jr
Sent: Friday, October 16, 2015 8:17 PM
To: [email protected]
Subject: Re: [NTSysADM] C2 tunneling over DNS

Anything can be "tunneled". In this case, restrict DNS to specific servers (internal and/or external) to prevent rouge connections.

-- Espi

On Fri, Oct 16, 2015 at 7:59 PM, Richard Stovall <[email protected]> wrote:

I had not heard of this before.

https://zeltser.com/c2-dns-tunneling/

How in the world can most SMBs ever begin to beat back this kind of stuff?
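The restriction suggested in the thread (DNS only through specific servers) can be checked against firewall logs. The following is an added example, not part of the original messages: the resolver addresses, the key=value log format and the sample lines are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumption: these two internal servers are the only hosts allowed to
# exchange DNS traffic with anything else (hypothetical addresses).
APPROVED_RESOLVERS = {ipaddress.ip_address(a) for a in ("10.0.0.10", "10.0.0.11")}
DNS_PORTS = {53}

# Constructed firewall log sample (hypothetical key=value format).
SAMPLE_LOG = """\
2015-10-16T19:40:01 action=allow proto=udp src=10.0.5.23 dst=10.0.0.10 dport=53
2015-10-16T19:40:02 action=allow proto=udp src=10.0.0.10 dst=198.51.100.53 dport=53
2015-10-16T19:40:05 action=allow proto=udp src=10.0.5.77 dst=203.0.113.9 dport=53
2015-10-16T19:40:06 action=allow proto=tcp src=10.0.5.77 dst=203.0.113.9 dport=53
2015-10-16T19:40:09 action=allow proto=tcp src=10.0.5.23 dst=203.0.113.80 dport=443
2015-10-16T19:40:11 action=deny proto=udp src=10.0.5.91 dst=203.0.113.9 dport=53
this line is malformed and should be skipped
"""

def parse_line(line):
    """Return the fields needed from one log line, or None if unusable."""
    fields = dict(p.split("=", 1) for p in line.split()[1:] if "=" in p)
    try:
        return {
            "action": fields["action"],
            "src": ipaddress.ip_address(fields["src"]),
            "dst": ipaddress.ip_address(fields["dst"]),
            "dport": int(fields["dport"]),
        }
    except (KeyError, ValueError):
        return None

def find_direct_dns(log_text):
    """Map each source to the (dst, action) DNS flows that bypass the approved resolvers."""
    findings = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dport"] not in DNS_PORTS:
            continue
        # Client -> approved resolver and resolver -> upstream are both expected.
        if rec["src"] in APPROVED_RESOLVERS or rec["dst"] in APPROVED_RESOLVERS:
            continue
        findings[str(rec["src"])].add((str(rec["dst"]), rec["action"]))
    return dict(findings)

if __name__ == "__main__":
    for src, flows in sorted(find_direct_dns(SAMPLE_LOG).items()):
        print(src, sorted(flows))
```

An `allow` entry in the result means the firewall rule is missing; a `deny` entry means the rule works but the source host is still worth a look. Queries relayed through the approved resolvers themselves are outside what this check sees and need query logging on those resolvers.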
