TUNNELLING WITH PROTOCOLS FOR WHICH THIS IS NOT THE PRIMARY PURPOSE

Authors

  • Dimitrije Šalić Author

DOI:

https://doi.org/10.24867/19BE02Salic

Keywords:

Tunneling, Protocols, Attacks

Abstract

This paper describes the principles of tunneling and the basic types of tunneling methods. It gives an overview of the tunneling protocols most commonly used for this purpose and how they work, as well as the protocols that can be used for tunneling although this is not their primary purpose. Possible malicious attacks that use these protocols are described, along with tools that can be used to detect and prevent them. Finally, an example tunneling implementation is presented in detail using one of the protocols for which tunneling is not the main purpose: ICMP. The implementation used the Icmpsh tool, and alternative tools are mentioned. Icmpsh was chosen because it does not require administrative privileges to run on the "victim's" machine and is very portable.

Published

2022-09-05

Issue

Section

Electrotechnical and Computer Engineering