Re: [ncat] Thoughts about a --dns option?

[David Fifield <david () bamsoftware com>]

On Sat, Nov 14, 2009 at 07:10:56PM -0600, Ron wrote:
> I was thinking of writing a "dnscat" program for the fun of it --
> basically, a clone of netcat that, instead of going over a plain socket
> connection, sends all data through DNS.
>
> Then it occurred to me, could I just add a --dns option to Ncat, and
> leverage the infrastructure that others have built? I'm hoping it's
> possible, but, since I'm unfamiliar with the Ncat codebase, I was hoping
> to get opinions.
>
> Basically, the simplest way to implement this is for the client to poll
> their DNS server with CNAME requests that contain both a sequence number
> and a piece of data (basically, 1-datagoeshere.example.com). The server
> would respond with acknowledgments for each sequence number, and
> possibly data of its own (like 1-responsegoeshere.example.com). A random
> value (nonce) would likely be required, too, to fix issues with caching.
>
> I could see this being a very useful tool to communicate with a server
> (for example, a proxy server) in a situation where firewalls would
> normally prevent it. Not to mention transferring files, etc.
>
> Any thoughts on adding this as a part of Ncat? I'd be happy to do the
> coding, provided nobody says that it'll require a ton of reworking. :)

I don't think something like this belongs in Ncat but it is very
interesting. In your explanation, the "DNS server" isn't just any old
DNS server, but a custom data-transfer program that understands the
protocol, correct?

I think this might work well implemented as a proxy server. That way
anything could use it as a tunnel.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/