nanog mailing list archives
Re: dns interceptors
From: Steve Bertrand <steve () ibctech ca>
Date: Fri, 12 Feb 2010 19:15:25 -0500
Jim Richardson wrote:
> On Fri, Feb 12, 2010 at 2:15 PM, Randy Bush <randy () psg com> wrote:
>> i just lost ten minutes debugging what i thought was a server problem
>> which turned out to be a dns trapper on the wireless in the changi sats
>> lounge. this is not the first time i have been caught by this. what are
>> other roaming folk doing about this?
>>
>> randy
>
> ssh tunnels to IP address

I sent this directly to Randy, but perhaps there are others who are interested in doing this as well. For the archives (and my own documentation):

My DNS server doesn't listen on localhost (a prereq), so I'll use the submit port instead:

  # on the roaming laptop (hereinafter 'client')
  # -f == run in background
  # steve@host is the submit server
  # -L means map this port "587:" to "remote-host:port"
  # -N means do not execute remote command

  client# ssh -f steve@208.70.104.210 -L 587:208.70.104.210:587 -N

...now I tell my local resolver (or in this case, my MUA) to use localhost instead of the normal remote host.

Note that I generally use the standard ports on my localhost for this mapping. Doing so will not work for things like HTTP etc., as we are focused squarely on accessing resources located on our own equipment...

...SSH tunnelling even works over v6. The colon-separated address isn't handled well within the port-mapping portion of the command, so we'll use names instead:

  pearl# dig aaaa smtp.ibctech.ca
  smtp.ibctech.ca.    3598    IN    AAAA    2607:f118::b6
  ...

  client# ssh -6 -f steve@smtp.ibctech.ca -L 587:smtp.ibctech.ca:587 -N

  server# tcpdump -n -i lo0 port 587

  client# telnet ::1 587
  Trying ::1...
  Connected to localhost.
  Escape character is '^]'.
  220 smtp.ibctech.ca ESMTP

  server# tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on lo0, link-type NULL (BSD loopback), capture size 96 bytes
  19:01:20.529444 IP6 2607:f118::b6.59842 > 2607:f118::b6.587: S 4152936854:4152936854(0) win 65535 <mss 1440,nop,wscale 3,sackOK,timestamp 3135691171 0>
  19:01:20.529497 IP6 2607:f118::b6.587 > 2607:f118::b6.59842: S 3425118408:3425118408(0) ack 4152936855 win 65535 <mss 1440,nop,wscale 3,sackOK,timestamp 322067125 3135691171>
  19:01:20.529532 IP6 2607:f118::b6.59842 > 2607:f118::b6.587: . ack 1 win 8211 <nop,nop,timestamp 3135691171 322067125>
  19:01:20.535727 IP6 2607:f118::b6.587 > 2607:f118::b6.59842: P 1:28(27) ack 1 win 8211 <nop,nop,timestamp 322067131 3135691171>
  19:01:20.635335 IP6 2607:f118::b6.59842 > 2607:f118::b6.587: . ack 28 win 8211 <nop,nop,timestamp 3135691277 322067131>

...I love easy workarounds. I got sick and tired of fscking around a long time ago with troubleshooting blocked/hijacked ports, so I thought I'd bypass the problem by hijacking and re-routing the ports myself. Port tunnelling like this is my default whenever I'm not at home. Even on Windows it's easy...all my apps are portable.

Steve
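An added example, not part of Steve's post or of any project's code: a small POSIX shell wrapper around the `ssh -L` forward described above, with the two checks a roaming user tends to want. It builds the `-L` spec (OpenSSH accepts an IPv6 literal in the host part when it is written in square brackets, e.g. `587:[2607:f118::b6]:587`, so a name is not strictly required), refuses to background ssh if the local port cannot be bound, and verifies that something is actually listening on the local port afterwards. Everything in it that touches the network assumes a reachable sshd with key-based auth on the target; the user and host names below are placeholders taken from the post, not values this example verifies.

```sh
#!/bin/sh
# Added example (not from the original post). Wraps "ssh -f -N -L" as used in
# the post. Assumes: a reachable sshd on the target with key-based auth.
# steve@208.70.104.210 etc. are placeholders copied from the post.

# lfwd_spec LPORT RHOST RPORT -> "LPORT:RHOST:RPORT"
# IPv6 literals contain colons, so they are wrapped in [] as OpenSSH expects;
# hostnames and IPv4 addresses are passed through unchanged.
lfwd_spec() {
    case "$2" in
        *:*) printf '%s:[%s]:%s\n' "$1" "$2" "$3" ;;
        *)   printf '%s:%s:%s\n'   "$1" "$2" "$3" ;;
    esac
}

# open_tunnel USER@HOST LPORT RHOST RPORT
# ExitOnForwardFailure=yes: without it "ssh -f -N" backgrounds successfully
# even when LPORT could not be bound (already in use, or <1024 as non-root),
# and the MUA then talks to nothing. With it, ssh exits non-zero instead.
# StrictHostKeyChecking=yes: the USER@HOST name is resolved by the local,
# possibly intercepting, resolver. A host key that does not match the known
# one is what tells you the session went somewhere else, so never auto-accept.
open_tunnel() {
    ssh -f -N \
        -o ExitOnForwardFailure=yes \
        -o StrictHostKeyChecking=yes \
        -L "$(lfwd_spec "$2" "$3" "$4")" \
        "$1"
}

# tunnel_up LPORT: true if a local listener exists on LPORT.
# Uses ss on Linux, falls back to netstat on BSD/macOS.
tunnel_up() {
    if command -v ss >/dev/null 2>&1; then
        ss -ltn 2>/dev/null | grep -q "[:.]$1 "
    else
        netstat -an 2>/dev/null | grep LISTEN | grep -q "[:.]$1 "
    fi
}

# Usage (placeholders):
#   sh tunnel.sh up steve@208.70.104.210 587 208.70.104.210 587
#   sh tunnel.sh up steve@smtp.ibctech.ca 587 2607:f118::b6 587
# Guarded so that sourcing the file defines the functions without running ssh.
if [ "${1:-}" = "up" ] && [ $# -eq 5 ]; then
    if open_tunnel "$2" "$3" "$4" "$5" && tunnel_up "$3"; then
        echo "local forward on localhost:$3 -> $4:$5 is up"
    else
        echo "forward on localhost:$3 did not come up" >&2
        exit 1
    fi
fi
```

Once the forward is up, the MUA (or whatever client) is pointed at `localhost:587`, exactly as in the post; the client-side DNS answer for the ssh target is still consulted once, at connect time, which is why the host-key check is the part not to relax on a network that is already known to rewrite DNS.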
Current thread:
- dns interceptors Randy Bush (Feb 12)
- Re: dns interceptors Jared Mauch (Feb 12)
- Re: dns interceptors Steve Bertrand (Feb 12)
- Re: dns interceptors Bill Thompson (Feb 12)
- Re: dns interceptors Jim Richardson (Feb 12)
- Re: dns interceptors Steve Bertrand (Feb 12)
- Re: dns interceptors Oliver Gorwits (Feb 13)
- Re: dns interceptors Randy Bush (Feb 13)
- Re: dns interceptors Jason Frisvold (Feb 14)
- Re: dns interceptors Patrick W. Gilmore (Feb 14)
- Re: dns interceptors Jason Frisvold (Feb 14)
- Re: dns interceptors Patrick W. Gilmore (Feb 14)
- Re: dns interceptors John Levine (Feb 14)
- Re: dns interceptors Larry Sheldon (Feb 14)
- Re: dns interceptors Bill Weiss (Feb 14)
- RE: dns interceptors Justin Krejci (Feb 18)
- Re: dns interceptors Jared Mauch (Feb 12)