DTTS® Technical Exploration

Welcome to the security fix for TCP/IP…

For the first episode in a new series, ADAMnetworks School of Cyber™, we dive in with David on the technical aspects of DTTS® and how it fixes the “security design flaw of TCP/IP”.

Show notes

Don’t Talk To Strangers® (or DTTS® for short) works at a layer 3 security gateway equipped with adam:ONE® software. Individualized, per-host IP connections are opened and closed only after a permitted and successful DNS query is made. In short, here’s a logical flow:


Protected by Patents of USA and Other Countries: https://adamnet.io/dttspatent

Consequences

The net result of applying DTTS®, as demonstrated in the video, is this:

  • Endpoint proxies are unable to connect by IP address (circumvention protection)
  • Tor is unable to connect (malware is therefore unable to connect)
  • Unauthorized DNS-over-HTTPS (DoH) is blocked (preventing C2 usage, for example)
  • Beacons à la Cobalt Strike or Sliver fail (blocking C2)
  • Telegram is unable to connect, even with IP or domain-fronting (prevents Telegram malicious use)
  • ExpressVPN (or any retail VPN service) that connects directly by IP is unable to connect (prevents policy circumvention)
  • Psiphon fails to tunnel out of a network (a good egress control test is whether Psiphon is unable to connect)

The application of DTTS® is not limited to the above examples. The application of Zero Trust principles simply makes DNS the root of trust and secures that channel to make DNS filtering itself leak-proof.

Important note

Some of the demonstrations were simplified to focus on the DTTS® component. It is important to note, however, that some of the examples use domain names as well as IP addresses, so it is actually a combination of DTTS® and DNS-blocking that is required to achieve proper security.
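The sketch below models the decision these notes describe: egress is denied by default, a permitted DNS answer opens a connection for the querying host only, and a DNS blocklist supplies the blocking half that the note above calls for. It is an added illustration, not adam:ONE® code or the patented implementation. The class and method names, the TTL-based closing of a connection, and the sample domains and documentation-range IP addresses are all assumptions constructed for the example.

```python
import time

class DnsGatedEgress:
    """Toy default-deny egress gate: DNS answers open per-client holes."""

    def __init__(self, blocked_domains, clock=time.monotonic):
        self.blocked = {d.lower() for d in blocked_domains}  # assumed DNS blocklist
        self.clock = clock
        self.holes = {}  # (client_ip, dest_ip) -> expiry time

    def on_dns_query(self, client, qname, answers):
        """answers: [(ip, ttl_seconds)] from upstream. Returns IPs given to client."""
        name = qname.lower().rstrip(".")
        if any(name == d or name.endswith("." + d) for d in self.blocked):
            return []  # denied query: no answer, so no hole is opened
        now = self.clock()
        for ip, ttl in answers:
            key = (client, ip)
            self.holes[key] = max(self.holes.get(key, 0), now + ttl)
        return [ip for ip, _ in answers]

    def permit(self, client, dest_ip):
        """Layer 3 decision for a new outbound connection."""
        expiry = self.holes.get((client, dest_ip))
        if expiry is None:
            return False  # no prior permitted DNS answer for this client
        if self.clock() >= expiry:
            del self.holes[(client, dest_ip)]  # assumed: hole closes at TTL expiry
            return False
        return True

def demo():
    t = [0.0]  # constructed fake clock so the run is deterministic
    gw = DnsGatedEgress({"blocked.example"}, clock=lambda: t[0])
    gw.on_dns_query("10.0.0.5", "www.example.com", [("192.0.2.10", 30)])
    gw.on_dns_query("10.0.0.5", "c2.blocked.example", [("203.0.113.9", 30)])
    results = {
        "resolved_then_connect": gw.permit("10.0.0.5", "192.0.2.10"),
        "other_host_same_ip": gw.permit("10.0.0.6", "192.0.2.10"),
        "direct_by_ip": gw.permit("10.0.0.5", "198.51.100.7"),
        "blocked_domain_ip": gw.permit("10.0.0.5", "203.0.113.9"),
    }
    t[0] = 31.0  # advance past the 30-second TTL
    results["after_ttl"] = gw.permit("10.0.0.5", "192.0.2.10")
    return results

if __name__ == "__main__":
    print(demo())
```

Only the host that made the permitted query reaches the resolved address. The second host, the direct-by-IP attempt, the blocked domain's address and the expired entry are all refused.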