stuffing DoH requests... how could one protect against this ?
was just reading this artcile : https://www.bleepingcomputer.com/news/security/attackers-abuse-google-dns-over-https-to-download-malware/
the concept and its usage aren't entirely new, but new findings apparently show that DoH while being progress is already being abused :-/
What is the best course of action i wonder ... continue using DoH and be at the mercy of encrypted traffic that can be stuffed at will as demonstrated or use normal plain text DNS that can be scan/classified/blacklisted ?
thoughts ?
-
No thoughts here. Encryption is always a double-edged sword ...
Also, the Firewalla implementation may be a better hybrid. Meaning, your device always speaks raw DNS (no DoH) with Firewalla, and Firewalla will convert the raw DNS to DoH ... this conversion can prevent data getting passed through the DoH protocol.
Please sign in to leave a comment.
Comments
2 comments