nanog mailing list archives
Re: Malicious DNS request?
From: Bill Stewart <nonobvious () gmail com>
Date: Sun, 15 May 2005 21:08:00 -0700
Tunneling IP over DNS - Dan Kaminsky's ozymandns project.

One source of really strange DNS packets I've seen is Dan Kaminsky's experiments with tunneling IP over DNS, which he presented at Codecon, Defcon, and other places. Dan has often done Really Twisted Things With Packets, and once you've already tunneled IP through HTTP, it's time to do something a bit more aggressive. His first implementations were relatively straightforward, good enough for using SSH and email from the DNS servers on random wireless access points without needing to log in, but they weren't really high performance. The work he demonstrated at Codecon 2005 was able to do high-performance streaming video over DNS, which required spreading the data stream over tens of thousands of DNS servers. It was quite impressive, in a this-is-seriously-wrong kind of way. Perhaps somebody's running something like that somewhere near you.