EvilZone

Hacking and Security => Tutorials => : syn-ack May 31, 2014, 08:33:31 AM

: reverse shell ncat-ssh with dns2tcp dnstunelling
: syn-ack May 31, 2014, 08:33:31 AM

already removed...

: Re: reverse shell ncat-ssh with dns2tcp dnstunelling
: frog May 31, 2014, 10:11:24 AM

This is very cool; too bad I don't have a domain. I was thinking about how one would look for this kind of traffic on the network.

Looking for abnormally large dns packets, whether tcp or udp would probably work. You could build a custom sniffer to analyze the traffic and do packet size measurements, then log it with the corresponding ip addresses on the lan and you're in business.

You think any modern intrusion detection/prevention software looks for this sort of thing?

: Re: reverse shell ncat-ssh with dns2tcp dnstunelling
: syn-ack May 31, 2014, 06:01:30 PM

already removed