Linux Security Summit North America 2025

DNS remains a primary attack vector for data exfiltration and Command-and-Control (C2) operations, exploiting its inherent security flaws to bypass traditional defenses. This session presents a real-time, kernel-integrated security framework that actively prevents DNS-based data exfiltration using eBPF over Traffic Control (TC) scalable for large-scale distributed environments. Unlike passive detection approaches relying on anomalies, this solution dynamically intercepts DNS traffic at the kernel level, leveraging Deep Packet Inspection (DPI) and real-time lexical analysis to identify and block malicious requests before they leave the endpoint.

The framework also terminates C2 channels instantaneously, prevents DNS exfiltration over arbitrary transport ports, and dynamically blacklists domains across enterprise resolvers. With deep Linux kernel integration, it ensures minimal data loss, enhanced observability, and resilience against evolving threats. This session will explore the technical architecture, performance benchmarks, and deployment strategies to secure enterprise networks against modern DNS-based attacks.