Author Topic: reverse shell ncat-ssh with dns2tcp dnstunelling  (Read 1329 times)

0 Members and 1 Guest are viewing this topic.

Offline syn-ack

  • NULL
  • Posts: 2
  • Cookies: 0
    • View Profile
reverse shell ncat-ssh with dns2tcp dnstunelling
« on: May 31, 2014, 08:33:31 am »

already removed...
« Last Edit: June 05, 2014, 02:02:09 am by syn-ack »

Offline frog

  • Knight
  • **
  • Posts: 232
  • Cookies: 16
    • View Profile
Re: reverse shell ncat-ssh with dns2tcp dnstunelling
« Reply #1 on: May 31, 2014, 10:11:24 am »
This is very cool; too bad I don't have a domain. I was thinking about how one would look for this kind of traffic on the network.

Looking for abnormally large dns packets, whether tcp or udp would probably work. You could build a custom sniffer to analyze the traffic and do packet size measurements, then log it with the corresponding ip addresses on the lan and you're in business.

You think any modern intrusion detection/prevention software looks for this sort of thing?

Offline syn-ack

  • NULL
  • Posts: 2
  • Cookies: 0
    • View Profile
Re: reverse shell ncat-ssh with dns2tcp dnstunelling
« Reply #2 on: May 31, 2014, 06:01:30 pm »
already removed


« Last Edit: June 05, 2014, 02:02:47 am by syn-ack »