Penetration Testing mailing list archives
Re: [PEN-TEST] IP Tunneling over DNS
From: Mark Shlimovich <mlists () MAILANDNEWS COM>
Date: Tue, 12 Sep 2000 16:15:36 -0700
It appears to me that this is not tunneling into an internal perimeter, but rather getting out. For example, have a host outside the internal network running a daemon. All you have access to internally is an HTTP proxy. You could make an HTTP connection to the external daemon, which would tunnel your request for materials other than HTTP requests.

Techniques such as this could also be used for evading censorship. For example, the external HTTP daemon could obscure data tunnels, making it look like a search engine, while tunneling through censored traffic from its uncensored connection.

Mark Shlimovich

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM] On Behalf Of Work, Clinton
Sent: Monday, September 11, 2000 1:43 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] IP Tunneling over DNS

There is already a mature tool to tunnel connections via HTTP which works quite well. I have used it with many firewalls:

http://freshmeat.net/projects/httptunnel

On Mon, Sep 11, 2000 at 02:16:43PM -0400, Jose Nazario wrote:
> On Mon, 11 Sep 2000, Christopher M. Bergeron wrote:
> > theoretically, someone from inside a secure network could tunnel out (ala Trojan) to punch a major hole through a firewall. Am I understanding this correctly?
>
> yes, yes you are. also, look for IP over SMTP tunneling. and LOKI, using ICMP as a covert data channel.
>
> tunneling is a major method of passing firewalls. tunnel whatever you want through normal channels. unless the firewall is doing application level filtering, you can really have some fun. you gotta be patient, but it can be done.
>
> there really isn't any reason why application level firewalls shouldn't be more available and in wider use that i can see. they're tough to do right, mind you, but not impossible.
>
> jose nazario jose () biochemistry cwru edu
> PGP fingerprint: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
> Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc

--
=========================================================================
Clinton Work clinton () scripty com
Calgary, Alberta