What’s the deal with the Trump Tower server?

Before the election, some Internet researchers found that servers in Russia associated with a major bank were pinging or making DNS calls to a server located in Trump Tower. While there may have been a semi-innocent (though not really believable) explanation for the traffic, there was none for the extraordinary volume. The FBI came out and said it was nothing, probably spam. Well, that was bull and they knew it, as it was probably the basis for FISA warrants, which they wanted to keep quiet.

Since then, multiple media sources have said that monitoring was done on TT centered on that traffic, though other individuals may also be targets of electronic surveillance.

But what was it about these servers that set people off? What were they doing?

DNS calls are the background radiation of the Internet. Each second, billions of DNS packets are sent from every conceivable device around the Net. DNS (Domain Name Server) is the way that traffic is addressed across the Net. Computers recognize IP numbers as legitimate Internet addresses, not web site names. When you type Google.com or Boomantribune.com into the address bar, a DNS packet is sent out to a name server, which sends back the correct IP number for the site. (Boomantribune.com is 64.34.170.44.) The browser, FTP client, email client, etc., then use that address to request the page or other data. Name servers are maintained for public use, and for private use by large enterprises that require them on their private networks.

It is possible for one server in a private network to send DNS requests to a DNS server on another private network if it were going to access resources on that private network. But you would only need to do that once to copy the records from one server to the other, then update them periodically. What was found in looking at the traffic between TT and the banks was near-constant traffic for periods of time, like thousands and thousands of packets back and forth.

“Earlier this month, the group of computer scientists passed the logs to Paul Vixie. In the world of DNS experts, there’s no higher authority. Vixie wrote central strands of the DNS code that makes the internet work. After studying the logs, he concluded, “The parties were communicating in a secretive fashion. The operative word is secretive. This is more akin to what criminal syndicates do if they are putting together a project.” …

http://www.slate.com/articles/news_and_politics/cover_story/2016/10/was_a_server_registered_to_the_trump_organization_communicating_with_russia.html#return

About 10 years ago, this method of secret communications was brought up at another forum by very knowledgeable Sys Admins and DNS programmers.  I hadn’t heard of it and thought it would require custom code.  Imagine my surprise when I see today that there is a program to do this very thing.  

Unix/Linux/Apple/Win32/Android

http://code.kryo.se/iodine/

As I said, DNS calls are the background radiation of the Internet. If you could disguise communications within that vast pool of similar traffic, you could possibly go unnoticed, as long as you kept it short and weren't under constant surveillance, like a sanctioned Russian bank.

Ridge
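As an added example (not from the post, and not iodine's code), here is a small defender-side check in the spirit of what the DNS researchers were looking at: it profiles a constructed DNS query log per client and flags the combination that tunnelling tools produce, namely high volume, names that never repeat, and random-looking leftmost labels. The log format, the sample lines and the thresholds are all assumptions.

```python
"""Score DNS clients for tunnelling-style behaviour (added example)."""
import math
from collections import defaultdict

# Constructed sample log, assumed format "<ts> <client_ip> <qname>" (not real data).
# 10.0.0.5 looks like ordinary browsing; 10.0.0.9 looks like an encoded channel.
SAMPLE_LOG = """\
1 10.0.0.5 www.example.com
2 10.0.0.5 mail.example.com
3 10.0.0.5 www.example.com
4 10.0.0.9 vq3k7h2d9f0x1lm8.t.example.net
5 10.0.0.9 a8p2z0w4q9r7t1ue.t.example.net
6 10.0.0.9 m3n6b8v1c4x7z0kq.t.example.net
7 10.0.0.9 j5h2g9f4d1s8a6pl.t.example.net
8 10.0.0.9 x0c3v6b9n2m5q7wz.t.example.net
"""

def shannon_entropy(label: str) -> float:
    """Bits per character; encoded payload labels score near log2(alphabet size)."""
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def profile_clients(log_text: str) -> dict:
    """Per client: query volume, share of never-repeated names, mean first-label entropy."""
    names = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:          # skip malformed lines instead of crashing
            continue
        _, client, qname = parts
        names[client].append(qname.lower().rstrip("."))
    stats = {}
    for client, qnames in names.items():
        ents = [shannon_entropy(q.split(".")[0]) for q in qnames]
        stats[client] = {"queries": len(qnames),
                         "unique_ratio": len(set(qnames)) / len(qnames),
                         "mean_entropy": sum(ents) / len(ents)}
    return stats

def flag_tunnel_candidates(stats: dict, min_queries=5, min_unique=0.9, min_entropy=3.5) -> list:
    """Clients that are busy, never repeat a name, and use high-entropy labels."""
    return sorted(c for c, s in stats.items()
                  if s["queries"] >= min_queries and s["unique_ratio"] >= min_unique
                  and s["mean_entropy"] >= min_entropy)

if __name__ == "__main__":
    print(flag_tunnel_candidates(profile_clients(SAMPLE_LOG)))   # prints ['10.0.0.9']
```

On a real resolver log the volume threshold would be set per site, and the same profile should be computed per (client, queried domain) pair, since the post's point is the sustained traffic between one specific pair of endpoints.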