{"id":745,"date":"2025-11-18T18:40:46","date_gmt":"2025-11-18T18:40:46","guid":{"rendered":"https:\/\/www.dae-pro.fr\/blog\/?p=745"},"modified":"2025-11-18T18:40:48","modified_gmt":"2025-11-18T18:40:48","slug":"comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata","status":"publish","type":"post","link":"https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/","title":{"rendered":"How do you detect DNS tunneling traffic with an IDS such as Suricata?"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\"><strong>DNS tunneling<\/strong> is a technique attackers use to bypass network security mechanisms and to exfiltrate data or maintain persistent communications with compromised systems. It abuses the DNS protocol, which is normally allowed and lightly monitored, to carry information in DNS queries and responses.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">An IDS (Intrusion Detection System) such as <strong>Suricata<\/strong> can detect these anomalies through deep inspection of network traffic. As a high-performance open-source tool, Suricata can identify suspicious behavior in real time, generate alerts, and support a fast response that limits the risk of data leakage or compromise.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Why is DNS tunneling hard to spot?<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">DNS is a fundamental protocol for domain name resolution. 
Several of its characteristics make tunneling discreet:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Use of standard ports (53 UDP\/TCP)<\/strong>, which firewalls rarely filter.<\/li>\n\n\n\n<li><strong>Frequent, legitimate queries<\/strong>, which make exfiltration hard to distinguish from normal traffic.<\/li>\n\n\n\n<li><strong>Data encoded in subdomains<\/strong>, which often goes unnoticed under superficial inspection.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Conventional network monitoring may therefore not be enough, and an IDS able to correlate anomalies becomes essential.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>The telltale signs of DNS tunneling<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Certain characteristics can indicate the presence of a DNS tunnel:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Very long or random subdomains<\/strong><\/li>\n\n\n\n<li><strong>High frequency of queries to a single external domain<\/strong><\/li>\n\n\n\n<li><strong>DNS queries of unusual size<\/strong>, exceeding the protocol's standards<\/li>\n\n\n\n<li><strong>Disproportionate or regular DNS responses<\/strong><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Suricata can generate alerts when it detects these anomalies, especially if specific rules are enabled for DNS traffic.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Configuring Suricata to detect DNS tunneling<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: enable DNS inspection<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Suricata provides detailed inspection 
of DNS packets through its analysis modules. To set it up:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Enable the <strong>DNS parser<\/strong> in the suricata.yaml configuration file.<\/li>\n\n\n\n<li>Make sure port 53 UDP\/TCP is included on the monitored interfaces.<\/li>\n\n\n\n<li>Define thresholds for query and response sizes in order to detect anomalies.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">This basic configuration captures all DNS queries and prepares them for analysis.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: use specific DNS detection rules<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Suricata supports rules of the dns-query and dns-nxdomain types. Examples of DNS tunneling detection:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Queries to unknown domains with subdomains longer than 64 characters.<\/li>\n\n\n\n<li>An abnormal number of queries per minute to the same domain.<\/li>\n\n\n\n<li>Analysis of the alphanumeric pattern in subdomains.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">These rules can be customized to the network context and enriched with blocklists of domains suspected of hosting DNS tunnels.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: correlate with other network indicators<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Detection becomes more reliable when DNS is analyzed together with other indicators:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Unusual outbound flows<\/strong> to unrecognized IP addresses<\/li>\n\n\n\n<li><strong>Abnormal query volume<\/strong> compared with the historical average<\/li>\n\n\n\n<li><strong>Regular timing or 
repetitive patterns<\/strong> indicating automated encoding<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Suricata can generate correlated alerts through its EVE JSON output, so this information can be fed into a SIEM for centralized monitoring.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Alert analysis and response<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">When a Suricata alert reports DNS tunneling:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Identify the domain and IP address involved<\/strong><\/li>\n\n\n\n<li><strong>Check the subdomain pattern<\/strong> to confirm suspicious encoding<\/li>\n\n\n\n<li><strong>Quarantine the suspicious flow<\/strong> or apply a temporary block on the firewall<\/li>\n\n\n\n<li><strong>Scan the originating workstation or server<\/strong> to identify a possible compromise<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">This approach contains the risk without interrupting the whole network, while preserving visibility into legitimate traffic.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Prevention and best practices<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To limit the risk of DNS tunneling:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Restrict external DNS traffic<\/strong> to the official resolver servers<\/li>\n\n\n\n<li><strong>Deploy predefined Suricata rules<\/strong> for unknown domains<\/li>\n\n\n\n<li><strong>Monitor long or encoded subdomains<\/strong><\/li>\n\n\n\n<li><strong>Correlate DNS alerts with outbound TCP\/UDP flows<\/strong><\/li>\n\n\n\n<li><strong>Regularly update rules and signatures<\/strong> to cover new 
exfiltration techniques<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">These practices reduce the likelihood that a DNS tunnel goes unnoticed.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Suricata's advantages for detection<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Deep inspection<\/strong> of DNS packets and pattern analysis<\/li>\n\n\n\n<li><strong>Real-time alerts<\/strong> for a fast reaction<\/li>\n\n\n\n<li><strong>Flexible rules<\/strong> that adapt to the network context<\/li>\n\n\n\n<li><strong>Easy integration with SIEM and reporting systems<\/strong> to centralize incidents<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Tests carried out on enterprise networks show that Suricata can detect up to <strong>95% of known DNS tunnels<\/strong> when rules are correctly configured and kept up to date.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Limitations to consider<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Even with Suricata, some DNS tunnels can go unnoticed:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Attacks that use <strong>legitimate domains<\/strong> can produce a false positive or be ignored.<\/li>\n\n\n\n<li>Very low-volume tunnels may not exceed alert thresholds.<\/li>\n\n\n\n<li>Sophisticated encoding algorithms make correlation more 
complex.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">It is therefore recommended to <strong>combine Suricata with behavioral analysis<\/strong> and to maintain constant monitoring of DNS traffic.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>DNS tunneling is a technique attackers use to bypass network security mechanisms and to exfiltrate data or maintain communications<\/p>\n","protected":false},"author":2,"featured_media":746,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-745","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-securite"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Comment d\u00e9tecter un trafic DNS tunneling via un IDS comme Suricata ? - DAE-Pro<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Comment d\u00e9tecter un trafic DNS tunneling via un IDS comme Suricata ? 
- DAE-Pro\" \/>\n<meta property=\"og:description\" content=\"Le DNS tunneling est une technique utilis\u00e9e par des attaquants pour contourner les m\u00e9canismes de s\u00e9curit\u00e9 r\u00e9seau et exfiltrer des donn\u00e9es ou \u00e9tablir des communications\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/\" \/>\n<meta property=\"og:site_name\" content=\"DAE-Pro\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-18T18:40:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-18T18:40:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dae-pro.fr\/blog\/wp-content\/uploads\/2025\/11\/Comment-detecter-un-trafic-DNS-tunneling-via-un-IDS-comme-Suricata-.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"675\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Sarah D.\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sarah D.\" \/>\n\t<meta name=\"twitter:label2\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\\\/\"},\"author\":{\"name\":\"Sarah D.\",\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/#\\\/schema\\\/person\\\/cc910843c609c85b5d15d0751ce8356a\"},\"headline\":\"Comment d\u00e9tecter un trafic DNS tunneling via 
un IDS comme Suricata ?\",\"datePublished\":\"2025-11-18T18:40:46+00:00\",\"dateModified\":\"2025-11-18T18:40:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\\\/\"},\"wordCount\":937,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Comment-detecter-un-trafic-DNS-tunneling-via-un-IDS-comme-Suricata-.jpg\",\"articleSection\":[\"Cyber-s\u00e9curit\u00e9\"],\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\\\/\",\"url\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\\\/\",\"name\":\"Comment d\u00e9tecter un trafic DNS tunneling via un IDS comme Suricata ? 
- DAE-Pro\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Comment-detecter-un-trafic-DNS-tunneling-via-un-IDS-comme-Suricata-.jpg\",\"datePublished\":\"2025-11-18T18:40:46+00:00\",\"dateModified\":\"2025-11-18T18:40:48+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Comment-detecter-un-trafic-DNS-tunneling-via-un-IDS-comme-Suricata-.jpg\",\"contentUrl\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/11\\\/Comment-detecter-un-trafic-DNS-tunneling-via-un-IDS-comme-Suricata-.jpg\",\"width\":1200,\"height\":675,\"caption\":\"Comment d\u00e9tecter un trafic DNS tunneling via un IDS comme 
Suricata\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Comment d\u00e9tecter un trafic DNS tunneling via un IDS comme Suricata ?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/\",\"name\":\"DAE-Pro\",\"description\":\"S\u00e9curit\u00e9 des biens, personnes &amp; donn\u00e9es d&#039;entreprise\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/#organization\",\"name\":\"DAE-Pro\",\"url\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/DAE-pro-2.png\",\"contentUrl\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/09\\\/DAE-pro-2.png\",\"width\":595,\"height\":140,\"caption\":\"DAE-Pro\"},\"image\":{\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/#\\\/schema\\\/person\\\/cc910843c609c85b5d15d0751ce8356a\",\"name\":\"Sarah 
D.\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/36b6782aaa2ed3e4572514c64e2957724bcdc2df9fd7944b47e85c9ebbf62465?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/36b6782aaa2ed3e4572514c64e2957724bcdc2df9fd7944b47e85c9ebbf62465?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/36b6782aaa2ed3e4572514c64e2957724bcdc2df9fd7944b47e85c9ebbf62465?s=96&d=mm&r=g\",\"caption\":\"Sarah D.\"},\"url\":\"https:\\\/\\\/www.dae-pro.fr\\\/blog\\\/author\\\/sara\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Comment d\u00e9tecter un trafic DNS tunneling via un IDS comme Suricata ? - DAE-Pro","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/","og_locale":"fr_FR","og_type":"article","og_title":"Comment d\u00e9tecter un trafic DNS tunneling via un IDS comme Suricata ? 
- DAE-Pro","og_description":"Le DNS tunneling est une technique utilis\u00e9e par des attaquants pour contourner les m\u00e9canismes de s\u00e9curit\u00e9 r\u00e9seau et exfiltrer des donn\u00e9es ou \u00e9tablir des communications","og_url":"https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/","og_site_name":"DAE-Pro","article_published_time":"2025-11-18T18:40:46+00:00","article_modified_time":"2025-11-18T18:40:48+00:00","og_image":[{"width":1200,"height":675,"url":"https:\/\/www.dae-pro.fr\/blog\/wp-content\/uploads\/2025\/11\/Comment-detecter-un-trafic-DNS-tunneling-via-un-IDS-comme-Suricata-.jpg","type":"image\/jpeg"}],"author":"Sarah D.","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"Sarah D.","Dur\u00e9e de lecture estim\u00e9e":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/#article","isPartOf":{"@id":"https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/"},"author":{"name":"Sarah D.","@id":"https:\/\/www.dae-pro.fr\/blog\/#\/schema\/person\/cc910843c609c85b5d15d0751ce8356a"},"headline":"Comment d\u00e9tecter un trafic DNS tunneling via un IDS comme Suricata 
?","datePublished":"2025-11-18T18:40:46+00:00","dateModified":"2025-11-18T18:40:48+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/"},"wordCount":937,"commentCount":0,"publisher":{"@id":"https:\/\/www.dae-pro.fr\/blog\/#organization"},"image":{"@id":"https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dae-pro.fr\/blog\/wp-content\/uploads\/2025\/11\/Comment-detecter-un-trafic-DNS-tunneling-via-un-IDS-comme-Suricata-.jpg","articleSection":["Cyber-s\u00e9curit\u00e9"],"inLanguage":"fr-FR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/","url":"https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/","name":"Comment d\u00e9tecter un trafic DNS tunneling via un IDS comme Suricata ? 
- DAE-Pro","isPartOf":{"@id":"https:\/\/www.dae-pro.fr\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/#primaryimage"},"image":{"@id":"https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dae-pro.fr\/blog\/wp-content\/uploads\/2025\/11\/Comment-detecter-un-trafic-DNS-tunneling-via-un-IDS-comme-Suricata-.jpg","datePublished":"2025-11-18T18:40:46+00:00","dateModified":"2025-11-18T18:40:48+00:00","breadcrumb":{"@id":"https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/"]}]},{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/#primaryimage","url":"https:\/\/www.dae-pro.fr\/blog\/wp-content\/uploads\/2025\/11\/Comment-detecter-un-trafic-DNS-tunneling-via-un-IDS-comme-Suricata-.jpg","contentUrl":"https:\/\/www.dae-pro.fr\/blog\/wp-content\/uploads\/2025\/11\/Comment-detecter-un-trafic-DNS-tunneling-via-un-IDS-comme-Suricata-.jpg","width":1200,"height":675,"caption":"Comment d\u00e9tecter un trafic DNS tunneling via un IDS comme Suricata"},{"@type":"BreadcrumbList","@id":"https:\/\/www.dae-pro.fr\/blog\/comment-detecter-un-trafic-dns-tunneling-via-un-ids-comme-suricata\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dae-pro.fr\/blog\/"},{"@type":"ListItem","position":2,"name":"Comment d\u00e9tecter un trafic DNS tunneling via un IDS comme Suricata 
?"}]},{"@type":"WebSite","@id":"https:\/\/www.dae-pro.fr\/blog\/#website","url":"https:\/\/www.dae-pro.fr\/blog\/","name":"DAE-Pro","description":"S\u00e9curit\u00e9 des biens, personnes &amp; donn\u00e9es d&#039;entreprise","publisher":{"@id":"https:\/\/www.dae-pro.fr\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dae-pro.fr\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/www.dae-pro.fr\/blog\/#organization","name":"DAE-Pro","url":"https:\/\/www.dae-pro.fr\/blog\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.dae-pro.fr\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.dae-pro.fr\/blog\/wp-content\/uploads\/2025\/09\/DAE-pro-2.png","contentUrl":"https:\/\/www.dae-pro.fr\/blog\/wp-content\/uploads\/2025\/09\/DAE-pro-2.png","width":595,"height":140,"caption":"DAE-Pro"},"image":{"@id":"https:\/\/www.dae-pro.fr\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.dae-pro.fr\/blog\/#\/schema\/person\/cc910843c609c85b5d15d0751ce8356a","name":"Sarah D.","image":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/secure.gravatar.com\/avatar\/36b6782aaa2ed3e4572514c64e2957724bcdc2df9fd7944b47e85c9ebbf62465?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/36b6782aaa2ed3e4572514c64e2957724bcdc2df9fd7944b47e85c9ebbf62465?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/36b6782aaa2ed3e4572514c64e2957724bcdc2df9fd7944b47e85c9ebbf62465?s=96&d=mm&r=g","caption":"Sarah 
D."},"url":"https:\/\/www.dae-pro.fr\/blog\/author\/sara\/"}]}},"_links":{"self":[{"href":"https:\/\/www.dae-pro.fr\/blog\/wp-json\/wp\/v2\/posts\/745","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dae-pro.fr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dae-pro.fr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dae-pro.fr\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dae-pro.fr\/blog\/wp-json\/wp\/v2\/comments?post=745"}],"version-history":[{"count":1,"href":"https:\/\/www.dae-pro.fr\/blog\/wp-json\/wp\/v2\/posts\/745\/revisions"}],"predecessor-version":[{"id":747,"href":"https:\/\/www.dae-pro.fr\/blog\/wp-json\/wp\/v2\/posts\/745\/revisions\/747"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dae-pro.fr\/blog\/wp-json\/wp\/v2\/media\/746"}],"wp:attachment":[{"href":"https:\/\/www.dae-pro.fr\/blog\/wp-json\/wp\/v2\/media?parent=745"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dae-pro.fr\/blog\/wp-json\/wp\/v2\/categories?post=745"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dae-pro.fr\/blog\/wp-json\/wp\/v2\/tags?post=745"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}