International Journal of Computer Science and Mobile Computing, vol. 8, no. 1, pp. 154-162, 2019 (Scopus)
DNS is a basic protocol that allows web applications such as browsers to work with domain names.
DNS was not designed to provide a command channel or a general-purpose tunnel, but many helper
applications have been developed to build a basic tunnel over it. Because DNS was not designed for
general data transmission, it draws less attention than other protocols. Attackers know that DNS is
a well-structured and reliable protocol, and they are also aware that many organizations do not
inspect DNS traffic for malicious activity. With DNS tunneling, cyber criminals can easily install
rogue software on these vulnerable systems, or add stolen information to DNS queries and create a
covert communication channel across most firewalls. Although DNS tunneling has some legitimate
uses, many instances of tunneling are intended to cause harm. Many tunneling tool sets are currently
available on the internet, so DNS tunneling has become a fairly easy process that requires no
special technical expertise. At the same time, DNS tunneling is often used in very complex and
large-scale attacks, including those mostly supported by nation states or directly directed by them.
In this research paper, DNS tunnels are reviewed and DNS packet size is tested as a means of
detecting DNS tunneling. We examined whether taking only DNS packet size into account is enough to
detect DNS tunneling in a network, and we calculated the accuracy of packet-size-based mitigation
for our future work. We prepared a data pool and a test pool to calculate the accuracy of the test,
and we report the accuracy of the approach that checks only packet size.
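
The size-only check described in the abstract can be sketched as follows; this is an added example, not code or data from the paper. It learns a size cut-off from a labelled data pool and measures accuracy on a separate test pool. The function names, the use of query wire size as the "packet size", and every domain name in both pools are assumptions constructed for illustration.

```python
# Added example: size-only DNS tunneling check. All names below are constructed.

def query_size(qname):
    """Wire size in bytes of a DNS query carrying one question for qname."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    name_len = sum(1 + len(l) for l in labels) + 1   # length octets + root octet
    return 12 + name_len + 4                         # header + QNAME + QTYPE/QCLASS

def learn_threshold(pool):
    """Choose the size cut-off that classifies the labelled data pool best."""
    best_correct, best_t = -1, 0
    for t in sorted({query_size(q) for q, _ in pool}):
        correct = sum((query_size(q) >= t) == tunnel for q, tunnel in pool)
        if correct > best_correct:
            best_correct, best_t = correct, t
    return best_t

def evaluate(pool, threshold):
    """Return (accuracy, false_positives, false_negatives) for a labelled pool."""
    ok = fp = fn = 0
    for q, tunnel in pool:
        flagged = query_size(q) >= threshold
        if flagged == tunnel:
            ok += 1
        elif flagged:
            fp += 1
        else:
            fn += 1
    return ok / len(pool), fp, fn

# Constructed data pool: (query name, is_tunnel)
DATA_POOL = [
    ("www.example.com", False), ("mail.example.org", False),
    ("api.cdn.example.net", False),
    ("d" * 35 + ".t.example.com", True), ("a" * 40 + ".t.example.com", True),
    ("b" * 50 + "." + "c" * 30 + ".t.example.com", True),
]
# Constructed test pool with two hard cases: a long benign name, a short tunnel query
TEST_POOL = [
    ("docs.example.com", False), ("e" * 45 + ".storage.example.net", False),
    ("f" * 60 + ".t.example.com", True), ("g" * 12 + ".t.example.com", True),
]

if __name__ == "__main__":
    t = learn_threshold(DATA_POOL)
    acc, fp, fn = evaluate(TEST_POOL, t)
    print(f"threshold={t} bytes accuracy={acc:.2f} fp={fp} fn={fn}")
```

The two hard cases in the constructed test pool show where a size-only rule errs: a long benign hostname is flagged, and a tunnel-style query with a short label passes under the cut-off.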