DNS Tunneling

Transcript

1. DNS Tunneling or Another Way to Get Free Internet in

   Airports/Cafes

2. Many networks have restricted internet access Wireless access points in

   hotels and airports Censored Internet access in some countries Question: how can one get full internet acess? Idea: leverage one of the un ltered protocols

3. DNS (Domain Name Server) Almost never ltered Cannot reply with

   wrong results because of cache Not designed for tunnelling data (has limitations)

4. For DNS Tunneling are used NS and A records A

   record: maps hostname to 32-bit IPv4 address NS record: maps subdomain to a set of name servers

5. How internet access is blocked

6. How does DNS tunneling work?

7. What is needed for DNS tunneling A DNS server that

   you can con gure (enough permissions to allow you control over port 53) Another server, one not running DNS Some software to facilitate it Client machine

8. Existing implementations of DNS tunneling Iodine OzymanDNS Not supported anymore:

   dns2tcp NSTX

9. What is iodine?

10. Using iodine for DNS tunneling

11. CLIENT: uses iodine to encapsulate Ipv4 traf c into DNS

    traf c and sends the entire traf c to a subdomain. SERVER: After the traf c has reached our subdomain, iodine running on our server converts it to normal traf c -> forward to queried domain iodine server gets a response back -> encapsulates the normal traf c into DNS -> sends it through the tunnel. The DNS traf c is allowed by the rewall and is able to reach the client.

12. Downsides of DNS tunneling a bit more complicated setup the

    speed is very slow, as all data is sent inside DNS requests, which limits the amount in single packet and requires more packets to be sent.

13. DNS tunneling, step by step check if DNS traf c

    is allowed. Try pinging any domain. If you get an IP-address in the reply section, then it means that DNS packets are allowed, because the query went to the DNS server and it returned back the IP-Address of the domain. Add 2 DNS entries: an "A" and a "NS" record "33.33.33.33" - IP address of your tunnel server "hostname.com" is the domain you control tunnel1 IN A 33.33.33.33 tunnelme IN NS tunnel1.hostname.com

14. Con gure iodine on your server, then on the client

    Server iodined -f -c -P secretPassword22 192.168.99.1 tunnelme.hostname.com Client iodine -f -r 46.101.240.178 tunnelme.hostname.com Done!

15. The end!