On 10/7/11 12:32 PM, Marshall Whittaker wrote: > I recently noticed that you can tunnel TCP through DNS (I used iodine) > to penetrate Verizon Wireless' firewall.
When people avoid publicly saying stuff like this, that kind of hacks live for much longer time. Still iodine, when not used with direct raw socket but using resolver as a relay, DOES NOT randomize source port. That means that it's blocked by most statefull firewall like Cisco PIX that, for a specific DNS session, doesn't allow you to do more than X query every minutes. For example UK T-Mobile doing DNS stateful inspection, basically allow you to make "dns tunnelled traffic" for 2-3 seconds every minute. Probably because on the "virtual UDP/DNS session" there is a limit of "how many query can be done within 60s". If iodine would randomize the source port for the DNS query, it would probably works also in such conditions. -naif _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
