Security Risks of the DNS Service

Abstract

This bachelor's thesis deals with the security risks associated with the Domain Name System (DNS) service, which is essential for the functioning of the internet, yet simultaneously provides a space for various cyber-attacks. The thesis specifically focuses on the analysis of the DNS tunneling technique, which allows attackers to abuse the DNS protocol for covert communication, bypassing security mechanisms, controlling malware (Command and Control - C2), and the hidden theft (exfiltration) of sensitive data. The aim of the thesis was to explore in detail the principles of DNS operation and DNS tunneling mechanisms, and to analyze and compare available tools for its implementation, from which Iodine and DnsCat2 were selected for practical testing. Subsequently, the thesis aimed to practically demonstrate the attack in a test environment and evaluate its effectiveness based on defined metrics such as transfer speed, latency, detectability, and tunnel stability. Another goal was to propose effective countermeasures.

Subject(s)

DNS, DNS security, DNS tunneling, Iodine, DnsCat2, network security, C2 communication, data exfiltration, countermeasures, cybersecurity
