Intrusion Prevention

Generic.DNS.Tunnel.Detection.Variant.A

Description

This indicates detection of suspicious traffic that might be from a DNS tunnel.
DNS tunnels are proxy tools that can tunnel data over DNS to bypass firewall policy. Some malware and APT attacks have used DNS tunnels to communicate with C&C servers.

Affected Products

All systems

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Monitor traffic from the network for any suspicious activity.
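
One way to carry out the monitoring recommended above, as an added example that is not the signature's own detection logic: a heuristic pass over DNS query names that flags parent domains receiving many long, high-entropy subdomains. The thresholds, the function names, the two-label parent split and the sample query names are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Illustrative thresholds (assumptions; tune against your own DNS baseline).
MIN_UNIQUE = 5      # distinct subdomains seen under one parent domain
MIN_AVG_LEN = 30    # mean length of the subdomain part, in characters
MIN_ENTROPY = 3.5   # Shannon entropy of subdomain characters, bits/char

def entropy(s):
    """Shannon entropy of a string in bits per character."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def split_name(qname):
    """Naive split into (subdomain, parent); parent is the last two labels."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def suspicious_parents(qnames):
    """Return {parent: stats} for parents whose queries look like encoded data."""
    subs = defaultdict(set)
    for qname in qnames:
        sub, parent = split_name(qname)
        if sub:
            subs[parent].add(sub)
    flagged = {}
    for parent, names in subs.items():
        avg_len = sum(map(len, names)) / len(names)
        ent = entropy("".join(names).replace(".", ""))
        if len(names) >= MIN_UNIQUE and avg_len >= MIN_AVG_LEN and ent >= MIN_ENTROPY:
            flagged[parent] = {"unique": len(names), "avg_len": avg_len, "entropy": ent}
    return flagged

# Constructed sample: six random-looking 40-character labels under a reserved
# .example name, mixed with ordinary short hostnames.
SAMPLE = [
    f"{hashlib.sha256(str(i).encode()).hexdigest()[:40]}.tunnel-sample.example"
    for i in range(6)
] + [f"{h}.intranet.example" for h in ("www", "mail", "vpn", "files", "wiki", "git")]

if __name__ == "__main__":
    for parent, stats in suspicious_parents(SAMPLE).items():
        print(parent, stats)
```

The two-label parent split misgroups names under multi-label public suffixes such as co.uk; a public suffix list lookup is the usual replacement.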