Trusted answers to developer questions

What is protocol tunneling?

Free System Design Interview Course

Many candidates are rejected or down-leveled due to poor performance in their System Design Interview. Stand out in System Design Interviews and get hired in 2024 with this popular free course.

Protocol tunneling is a technique used to encapsulate data packets of one protocol in a separate packet that is the characteristic of another protocol.

Uses

Protocol tunneling has several legitimate uses. It is typically employed to transmit private data over a public network or encrypt sensitive data.

However, attackers may use protocol tunneling to their advantage by tunneling malicious packets in protocols permitted by the network firewall. Due to the complexity of a tunneled packet, most firewalls are unable to detect its dual nature.

A firewall is a device that inspects inbound packets. It can block or permit any packet, depending on the access control rules used to configure it.

Implementation

A tunneled packet is embedded in a second packet which is characteristic of some other protocol. This enables the attacker to trick the firewall into believing that the inbound packet is characteristic of the outer protocol.

Once the firewall permits the tunneled packet, it is sent to the corresponding server, which parses the malicious payload and transmits it to the receiver.

It is important to note that implementing protocol tunneling requires both the sender and receiver to be involved in the attack. If the server is not aware that the packet is a tunneled one, it will not parse the malicious payload and transmit it to the intended receiver.

Therefore, packet tunneling is not useful for initial attacks.

Example

Firewalls work in accordance with an access control policy, which is a set of rules used to decide which inbound packets are to be denied or permitted.

Firewalls may deny or permit a packet based on its protocol.

For example, a firewall may deny all TCP packets with source IP 192.168.5.1. If the user operating on this IP is an attacker, they can tunnel the malicious TCP payload in an email. Emails use the SMTP protocol; upon receiving the SMTP packet, the firewall will likely permit the packet as it will fail to detect the tunneled TCP packet inside it.

Once the mail-server has received the email packet, it would be transmitted to the receiver’s IP address.

RELATED TAGS

protocol
tunnelling

CONTRIBUTOR

Rukhshan Haroon
Copyright ©2024 Educative, Inc. All rights reserved
Keep Exploring
Related Courses

Learn in-demand tech skills in half the time

PRODUCTS

Mock Interview

New

Courses

Skill Paths

Projects

Assessments

TRENDING TOPICS

Learn to Code

Tech Interview Prep

Generative AI

Data Science

Machine Learning

GitHub Students Scholarship

Early Access Courses

Pricing

For Individuals

Try for Free

Gift a Subscription

CONTRIBUTE

Become an Author

Become an Affiliate

Earn Referral Credits

RESOURCES

Blog

Cheatsheets

Webinars

Answers

ABOUT US

Our Team

Careers

Hiring

Frequently Asked Questions

Contact Us

Press

LEGAL

Privacy Policy

Cookie Policy

Terms of Service

Business Terms of Service

Data Processing Agreement

Copyright ©2024 Educative, Inc. All rights reserved.

soc2
Did you find this helpful?