DNS is one of the most ubiquitous and yet least analyzed network protocols. DNS tunnels are frequently employed to sneak traffic in and out of restricted environments, without ever making a direct connection to the attacker's remote endpoint.
This talk discusses a holistic approach to detect DNS tunnels, and provides an open source implementation of these techniques to scan network traffic.