Dnscat2.DNS.Tunnel
Description
This indicates an attempt to use Dnscat2 DNS Tunnel.
Dnscat2 is a proxy tool that can tunnel data over DNS to bypass firewall policy. Some malware and APT attacks have used Dnscat2 to communicate with C&C servers.
Affected Products
All systems
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Monitor the traffic from the network for any suspicious activity.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |