What is another indicator of DNS tunneling?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions; each question includes hints and explanations. Ace your exam!

Multiple Choice

What is another indicator of DNS tunneling?

Explanation:
DNS tunneling moves data by issuing many DNS queries, so an unusually high volume of DNS queries is a strong indicator. When data is encoded in subdomain lookups, the query rate can rise well above normal client activity and persist across multiple destinations, signaling a covert channel over DNS. Other signs, like DNS over HTTPS or unusually large responses, can occur in various contexts, and bursts of queries can have legitimate causes, but they don’t pinpoint tunneling as clearly as a sustained spike in query volume.

