mailing list archives
Webroot Desktop Firewall <=184.108.40.206 DNS recursion
From: komarov () itdefence ru
Date: 28 Oct 2007 09:40:24 -0000
Webroot Desktop Firewall 220.127.116.11
Author: Komarov Andrej (komarov () itdefence ru
The Webroot Desktop Firewall secures your computer from Internet threats and reduces the risks of being a victim of
online crimes. Unlike the Windows XP and Vista Firewall, Webroot Desktop Firewall combines intelligent firewall
technology with intrusion prevention for inbound and outbound protection that is both powerful and easy to use.
DNS tunnelling involves inserting data into the DNS packet using "space" in the packet that can take additional data.
For example, A DNS packet can contain a TXT record into which any text, up to 220 bytes, can be inserted. You fragment
the data, maybe an HTTP request, add it to the packet, and send the modified DNS traffic over the web to a receiving
server. It recompiles the sent data, and enables internet access. DNS packets can be used to transfer extra data and
this is why they should be controlled by firewalls as any other packets.
Windows DNS API using can help an attacker to make data transfer possible. If the successfull recursive DNS query for
x-site is done, it is possible to transfer information from your computer past personal and network firewalls. There
is a "stealth" way of DNS connectivity checking using Windows System Services (services.exe / svchost.exe) and if it is
not controlled there is a possibility of covert channel creating.
NSTX-suite by Florian Heinz and Julien Oster (http://nstx.dereference.de)
Gray-World NET Team (http://gray-world.net/papers.shtml)
The DNS-shaped holes that one cuts into firewalls.
DNSTest by Jarkko Turkulainen (http://www.klake.org/~jt/dnshell/)
- Webroot Desktop Firewall <=18.104.22.168 DNS recursion komarov (Oct 29)