Intrusion Prevention

Dnscat2.DNS.Tunnel

Description

This indicates an attempt to use Dnscat2 DNS Tunnel.
Dnscat2 is a proxy tool that can tunnel data over DNS to bypass firewall policy. Some malware and APT attacks have used Dnscat2 to communicate with C&C servers.

Affected Products

All systems

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Monitor the traffic from the network for any suspicious activity.