In this post, I cover the topic of DNS tunneling. Recently in Humanities, we’ve been learning about disruption in our society, and we read a book called Little Brother whose theme is disruption. Little Brother is a free book by Cory Doctorow; you can download it from his blog here. The book gives a brief description of DNS tunneling, and I chose to learn more about it in a research project.

Introduction – Definition

DNS, or the Domain Name System, associates a URL (a URL is what you type into a search bar on Google), such as www.seycove.com, with its corresponding IP (Internet Protocol) address. An IP address is a numeric code that defines a specific server, such as 172.16.254.1. When you type in the address www.seycove.com, your device sends a request to the DNS to find the matching IP address for the site. You can’t access anything on the internet without the corresponding IP address.

The DNS is the internet’s form of a Yellow Pages book.


How does DNS work?

The search for the IP address involves a hierarchy of servers, beginning with your own operating system. When the browser sends a request, the operating system first checks whether it already knows the IP address. If it does not, the request is sent to the Root Name Server (RNS), and if the RNS can’t find the IP address, the request goes to the Top Level Domain Server (TLD). If the TLD does not have the answer, the request is forwarded to the Authoritative Name Server (ANS). When a domain name is registered, it is assigned to a specific ANS. The ANS then sends the answer back to the operating system, and the browser connects to the webpage.

I used this video a lot when researching DNS:

Where is DNS mentioned in the book Little Brother?

In chapter 17, Marcus Yallow has an online conversation with a girl named Masha over something called the Xnet, an under-the-radar search and communication tool, the equivalent of today’s deep web, but less dark. Masha is a 17-year-old girl hired by the DHS (Department of Homeland Security) to spy on Xnet activity. The DHS thinks the Xnet is where terrorists plan their next attacks, but it’s really just a place where kids who resent their city being turned into a police state can talk. Masha says that Marcus is in trouble and that it’s just a matter of time until the DHS finds Marcus through the Xnet. She wants to get him out of the city. Marcus doesn’t believe her. She then sends him a video of a DHS conference room where they talk about the threat of the Xnet and their plans to shut down the community. The video was sent through a hack called DNS tunneling, which hides it from security monitoring. Masha broke the video into billions of pieces and attached each piece to a different DNS request. She also gave Marcus a code to retrieve the pieces and reassemble them.


DNS tunneling in our world

DNS tunneling is a hack that uses DNS queries to carry small packets of data. DNS-based attacks have been common since the early 2000s, but because DNS queries do not carry general information, there are not many security filters in place. It is believed that over 40% of organizations have been victims of DNS-based attacks. DNS tunneling is used to transmit information that remains invisible to authorities and can be used by hackers to take over servers. Last year, Lloyds Bank was the victim of a Distributed Denial of Service (DDoS) attack when hackers tunneled into their network, took control, and shut down their access.
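Because each tunneled query carries a piece of data in its name, those names tend to be long, random-looking, and different every time, which is what a defender can look for. The sketch below is an added example (not from the book or the sources listed at the end); the query list, the domain `tunnel-demo.test`, and the thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed query names (not real traffic). "tunnel-demo.test" is a
# hypothetical domain standing in for one used to carry data in DNS queries.
SAMPLE_QUERIES = [
    "www.seycove.com",
    "www.example.org", "mail.example.org", "cdn.example.org",
    "static.example.org", "api.example.org",
    "q7x2m9k4b1z8v3n6c0j5hwtr.tunnel-demo.test",
    "p3f8y1d6s0g5l2a9e4u7oiwk.tunnel-demo.test",
    "z5c0r4n9t2h7b6m1x8q3vjde.tunnel-demo.test",
    "g2w6l0e9k3y7a4s1f8u5ponc.tunnel-demo.test",
    "h9d1j4v8i6t0m3b7r2x5qzla.tunnel-demo.test",
]

def shannon_entropy(text):
    """Bits per character; random-looking encoded data scores high."""
    total = len(text)
    return -sum(n / total * math.log2(n / total)
                for n in Counter(text).values())

def split_name(qname, parent_labels=2):
    """Split into (parent domain, subdomain text). Treating the last two
    labels as the parent is a simplification; it ignores suffixes like co.uk."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-parent_labels:]), "".join(labels[:-parent_labels])

def suspicious_domains(queries, min_unique=4, min_avg_len=20, min_avg_entropy=3.5):
    """Flag parents that see many distinct, long, high-entropy subdomains.
    The three thresholds are illustrative assumptions, not tuned values."""
    seen = defaultdict(set)
    for qname in queries:
        parent, sub = split_name(qname)
        if sub:
            seen[parent].add(sub)
    flagged = {}
    for parent, subs in seen.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_entropy = sum(shannon_entropy(s) for s in subs) / len(subs)
        if (len(subs) >= min_unique and avg_len >= min_avg_len
                and avg_entropy >= min_avg_entropy):
            flagged[parent] = (len(subs), round(avg_len, 1), round(avg_entropy, 2))
    return flagged

if __name__ == "__main__":
    for parent, stats in suspicious_domains(SAMPLE_QUERIES).items():
        print(parent, stats)
```

Note that `example.org` also has five different subdomains in the sample but is not flagged, because its names are short and made of ordinary words; the count alone is not enough to tell tunneling from normal browsing.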

Disruption due to DNS tunneling attacks

If hackers are able to launch DDoS attacks against governments, financial institutions, the military, or any other organization that is part of our daily lives, the disruption to our society would be catastrophic. Underworld agents would be able to carry out their plans without interference from the government. Society would be forced to go back to operating the way it did in the 1970s, before the internet.

Michael Van Laethem

 

 

Links: 

Videos –

YouTube, 27 Feb. 2012, youtu.be/72snZctFFtA/.

“IP addresses and DNS.” Khan Academy, www.khanacademy.org/computing/computer-science/internet-intro/internet-works-intro/v/the-internet-ip-addresses-and-dns.

Books –

Kirk. “Little Brother by Cory Doctorow.” Guys Lit Wire, 1 Jan. 1970, guyslitwire.blogspot.ca/2015/08/little-brother-by-cory-doctorow.html.

Websites –

“Ignoring DNS Security Carries Serious Consequences for Business.” IT Briefcase, www.itbriefcase.net/ignoring-dns-security-carries-serious-consequences-for-business.

“The Nuts and Bolts of Detecting DNS Tunneling.” Cybersecurity Insiders, 9 Mar. 2017, www.cybersecurity-insiders.com/the-nuts-and-bolts-of-detecting-dns-tunneling-2/.

 

Pictures –

“How Domain Name Servers Work.” HowStuffWorks, 1 Apr. 2000, computer.howstuffworks.com/dns.htm.

Kirk. “Little Brother by Cory Doctorow.” Guys Lit Wire, 1 Jan. 1970, guyslitwire.blogspot.ca/2015/08/little-brother-by-cory-doctorow.html.