DNS-IP Tunneling
Working around Italy this last week got me thinking around bypassing Hotel wired and wireless charged services. Before going into my post I have to say that the cathedral in “Centro” Milan almost brought tears to my eyes, magnificient.
Generally we have two protocols on which to build that do not require authentication to work. The first being ICMP and more interestingly DNS.
It has been known for some time that IP can be encapsulated and transferred via ICMP, this is not new, in fact neither is NSTX (Nameserver Transfer Protocol).
I was practically building up the steps to code a DNS-IP tunnelling application (very useful as many networks allow outgoing DNS but nothing else). The idea was as follows:
- Server-side Application acting as our external DNS server
- Client-side middleware to act as HTTP proxy at one end and DNS resolution at the other
I put alot more work into the above including encoding types; however, doing a Google search led me to Thomer M. Gill’s documentation around NSTX and ICMPX.
I haven’t had a chance to explore the code of these projects but it looks really awesome. One of the challenges my conceptual tool faced was how to transfer the data via DNS. NSTX uses the TXT record to do this, of course I thought, smacking myself in the head; great, great stuff. Will have to try this out when I get home :)
http://slashdot.org/articles/00/09/10/2230242.shtml
http://www.doxpara.com/ (OzymanDNS)
etc
Dns2tcp:
http://www.hsc.fr/ressources/outils/dns2tcp/index.html
Some hotel wireless systems block DNS TXT requests. It’s a smart thing to do as they’re not normally needed. It’s a real pain if your DNS tunnel relies on TXT records, though.