On the Viability and Performance of DNS Tunneling

DNS tunnels are network covert channels that allow the transmission of arbitrary data using the DNS infrastructure. Users can use such tunnels to hide their communication sessions in order to bypass local security and accounting policies. Hence, it is important that we investigate the viability and performance of DNS tunneling. Our results show that clients can obtain up to 110 KB/s in throughput, and delays as low as 150ms. These results, however, incur very high overheads. In the worst case, clients generate up to 2000% more traffic!
 
[pdf]

The 5th International Conference on Information Technology and Applications (ICITA'08), Cairns, Australia, June 23-26, 2008.