Full Disclosure mailing list archives
Re: Verizon Wireless DNS Tunneling
From: "Fabio Pietrosanti (naif)" <lists () infosecurity ch>
Date: Sat, 08 Oct 2011 16:31:17 +0200
On 10/7/11 12:32 PM, Marshall Whittaker wrote:
I recently noticed that you can tunnel TCP through DNS (I used iodine) to penetrate Verizon Wireless' firewall.
When people avoid publicly saying stuff like this, that kind of hacks live for much longer time. Still iodine, when not used with direct raw socket but using resolver as a relay, DOES NOT randomize source port. That means that it's blocked by most statefull firewall like Cisco PIX that, for a specific DNS session, doesn't allow you to do more than X query every minutes. For example UK T-Mobile doing DNS stateful inspection, basically allow you to make "dns tunnelled traffic" for 2-3 seconds every minute. Probably because on the "virtual UDP/DNS session" there is a limit of "how many query can be done within 60s". If iodine would randomize the source port for the DNS query, it would probably works also in such conditions. -naif _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Verizon Wireless DNS Tunneling, (continued)
- Re: Verizon Wireless DNS Tunneling Valdis . Kletnieks (Oct 07)
- Re: Verizon Wireless DNS Tunneling Terrence (Oct 07)
- Re: Verizon Wireless DNS Tunneling Valdis . Kletnieks (Oct 07)
- Re: Verizon Wireless DNS Tunneling James Wright (Oct 07)
- Re: Verizon Wireless DNS Tunneling James Wright (Oct 07)
- Re: Verizon Wireless DNS Tunneling xD 0x41 (Oct 07)
- Re: Verizon Wireless DNS Tunneling Hartley, Christopher (Oct 07)
- Re: Verizon Wireless DNS Tunneling Dan Kaminsky (Oct 07)
- Re: Verizon Wireless DNS Tunneling Marshall Whittaker (Oct 07)
- Re: Verizon Wireless DNS Tunneling Valdis . Kletnieks (Oct 07)