D2 · Threats

What is protocol tunneling for C2?

Protocol tunneling encodes malicious traffic inside permitted protocols — DNS tunneling (data carried in DNS queries and responses), HTTPS tunneling (C2 hidden in ordinary HTTPS sessions), ICMP tunneling (data carried in ping packets).
DNS tunneling is popular because DNS is almost always allowed outbound. DNS monitoring and filtering prevent DNS tunneling. HTTPS tunneling requires SSL/TLS inspection to detect, because the C2 content is encrypted and otherwise indistinguishable from legitimate web traffic. High query frequency or unusual DNS response sizes indicate DNS tunneling.