Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Verizon Wireless DNS Tunneling

From: "Fabio Pietrosanti (naif)" <lists () infosecurity ch>
Date: Sat, 08 Oct 2011 16:31:17 +0200
On 10/7/11 12:32 PM, Marshall Whittaker wrote:

I recently noticed that you can tunnel TCP through DNS (I used iodine)
to penetrate Verizon Wireless' firewall.  


When people avoid publicly saying stuff like this, that kind of hacks
live for much longer time.

Still iodine, when not used with direct raw socket but using resolver as
a relay, DOES NOT randomize source port.

That means that it's blocked by most statefull firewall like Cisco PIX
that, for a specific DNS session, doesn't allow you to do more than X
query every minutes.

For example UK T-Mobile doing DNS stateful inspection, basically allow
you to make "dns tunnelled traffic" for 2-3 seconds every minute.

Probably because on the "virtual UDP/DNS session" there is a limit of
"how many query can be done within 60s".

If iodine would randomize the source port for the DNS query, it would
probably works also in such conditions.

-naif

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: