Generic.DNS.Tunnel.Detection.Variant.A
Description
This indicates detection of suspicious traffic that might originate from a DNS tunnel.
DNS tunnels are proxy tools that can tunnel data over DNS to bypass firewall policy. Some malware and APT attacks have used DNS tunnels to communicate with C&C servers.
Affected Products
All systems
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Monitor network traffic for any suspicious activity.
Coverage
IPS (Regular DB)
IPS (Extended DB)