Menu
What's new
By:
Filters Better Search

DNS-over-HTTPS (DoH) in malware

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

dave14305

dave14305

Part of the Furniture
dave14305 said:
That didn’t take long. Malware now hides its secrets in DoH.

https://www.bleepingcomputer.com/ne...evades-traffic-monitoring-via-dns-over-https/

Interesting notion of DNS blocking of DoH for Bind, surely adaptable for dnsmasq.

https://github.com/bambenek/block-doh

Thought or ideas without breaking DNS-over-TLS?
Click to expand...

I was reading the other day about ISP's crying over DoH, but I also remember reading something about this type of issue as well, one of the main issues of DoH is that it is also where the parasites hide as well.

Good find @dave14305
 
Swistheater said:
I was reading the other day about ISP's crying over DoH, but I also remember reading something about this type of issue as well, one of the main issues of DoH is that it is also where the parasites hide as well.

Good find @dave14305
Click to expand...
I am envisioning a dnsmasq server hosts file with the known DoH hosts sending to a blackhole IP. Stubby would continue to use the router's resolv.conf based on the current Merlin design, so the initial DoT handshake would not be affected by dnsmasq.

Maybe we'd see SkyNet incorporate iptables rules blocking port 443 traffic to the DoH IPs.

Or maybe this is too risky to implement without harming DoT functionality. I once tried to block the iOS Cloudflare app being naive enough to just try blocking 1.1.1.1 port 443, but it seems the Cloudflare app was not using the anycast IP.

I wonder how long before bad guys start building Stubby into their malware? :eek:
 
You must log in or register to reply here.

Similar threads

E
DNS over HTTPS setting via ASUS Routers
Replies
1
Views
3K
bbunge
bbunge
iJorgen
Anyone using DOH3 or DOQ for DNS-queries on ASUS Merlin?
Replies
19
Views
4K
iJorgen
iJorgen
SomeWhereOverTheRainBow
AdGuardHome [RELEASE] Asuswrt-Merlin-AdGuardHome-Installer (AMAGHI)
50 51 52
Replies
1K
Views
199K
keef
keef
B
DNS over Tls is it right?
Replies
2
Views
5K
Yo_2T
Y
R
Enabling DNS-over-TLS (DoT) is now allowing a flood of ads through
Replies
8
Views
9K
ankhazam
A
Similar threads
Thread starter Title Forum Replies Date
sfx2000 Microsoft, DNS, and 192.168.1.0 General Network Security 4
B Which 3rd party dns filters do you use? General Network Security 19
P Threat protection / DNS filtering / Router security (on home network) General Network Security 1
C DNS changes General Network Security 8
tomasm Cloudflare DNS problems caused by Comcast? General Network Security 23
RMerlin How do malware-blocking DNS providers compare? General Network Security 67

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 811 (members: 17, guests: 794)
Top