Professional Documents
Culture Documents
1 / 21
Outline
. 1 DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling Basics Limitations Implementations! iodine
. 2
Captive Portals Captive Protals Basics Bypassing Captive Portals Countermeasures for DNS tunneling Summary Conclusion Questions
. 3
2 / 21
3 / 21
3 / 21
3 / 21
3 / 21
Outline
. 1 DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling Basics Limitations Implementations! iodine
. 2
Captive Portals Captive Protals Basics Bypassing Captive Portals Countermeasures for DNS tunneling Summary Conclusion Questions
. 3
4 / 21
5 / 21
5 / 21
5 / 21
5 / 21
5 / 21
5 / 21
5 / 21
5 / 21
Outline
. 1 DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling Basics Limitations Implementations! iodine
. 2
Captive Portals Captive Protals Basics Bypassing Captive Portals Countermeasures for DNS tunneling Summary Conclusion Questions
. 3
6 / 21
7 / 21
7 / 21
7 / 21
7 / 21
Outline
. 1 DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling Basics Limitations Implementations! iodine
. 2
Captive Portals Captive Protals Basics Bypassing Captive Portals Countermeasures for DNS tunneling Summary Conclusion Questions
. 3
8 / 21
Setting Up iodine
.
The plan: well run iodine on animal.foss.ntua.gr Well set up a new zone, .iodine.foss.ntua.gr, and delegate all requests to that zone, to the server running iodine(animal).
9 / 21
Setting Up iodine
.
The plan: well run iodine on animal.foss.ntua.gr Well set up a new zone, .iodine.foss.ntua.gr, and delegate all requests to that zone, to the server running iodine(animal). To set up the new zone, we must add this to the .foss.ntua.gr zone conf le(at foss.ntua.gr server, running the primary authoratitve BIND for the zone): io IN NS animal.foss.ntua.gr. We use a small subdomain name, in order to give upstream trac more space.
9 / 21
Setting Up iodine
.
The plan: well run iodine on animal.foss.ntua.gr Well set up a new zone, .iodine.foss.ntua.gr, and delegate all requests to that zone, to the server running iodine(animal). To set up the new zone, we must add this to the .foss.ntua.gr zone conf le(at foss.ntua.gr server, running the primary authoratitve BIND for the zone): io IN NS animal.foss.ntua.gr. We use a small subdomain name, in order to give upstream trac more space. Now, we reload BIND(rndc reload on foss.ntua.gr). And were ready to go! :)
9 / 21
Running iodine
.
On the server side, well run iodined, specifying a password, the subdomain well use, and an IP iodine will use inside the tunnel: ./iodined -P secretpassword 10.0.10.1 io.foss.ntua.gr
10 / 21
Running iodine
.
On the server side, well run iodined, specifying a password, the subdomain well use, and an IP iodine will use inside the tunnel: ./iodined -P secretpassword 10.0.10.1 io.foss.ntua.gr On the client side: ./iodine -P secretpassword io.foss.ntua.gr
10 / 21
Running iodine
.
On the server side, well run iodined, specifying a password, the subdomain well use, and an IP iodine will use inside the tunnel: ./iodined -P secretpassword 10.0.10.1 io.foss.ntua.gr On the client side: ./iodine -P secretpassword io.foss.ntua.gr Now we have set up a working (tun) tunnel. The client will get an IP close to the servers IP, and they should be able to ping each other.
10 / 21
Network conguration
.
Of course trac is unencrypted, and we cant trust all the DNS relays our trac possibly goes through. Thus its a good idea to set up another secure tunnel(either with OpenVPN or with OpenSSH).
11 / 21
Network conguration
.
Of course trac is unencrypted, and we cant trust all the DNS relays our trac possibly goes through. Thus its a good idea to set up another secure tunnel(either with OpenVPN or with OpenSSH). For a VPN channel, the routing table would be like this: ip route add animal.foss.ntua.gr via default.gateway ip route add my.vpn.server via animal.foss.ntua.gr ip route add default via my.vpn.gateway
11 / 21
Network conguration
.
Of course trac is unencrypted, and we cant trust all the DNS relays our trac possibly goes through. Thus its a good idea to set up another secure tunnel(either with OpenVPN or with OpenSSH). For a VPN channel, the routing table would be like this: ip route add animal.foss.ntua.gr via default.gateway ip route add my.vpn.server via animal.foss.ntua.gr ip route add default via my.vpn.gateway We could have also used an SSH tunnel instead. Whatever we choose, we are now ready to bypass NTUA Wi Captive Portal(hopefully :P)!
11 / 21
Network conguration
.
Of course trac is unencrypted, and we cant trust all the DNS relays our trac possibly goes through. Thus its a good idea to set up another secure tunnel(either with OpenVPN or with OpenSSH). For a VPN channel, the routing table would be like this: ip route add animal.foss.ntua.gr via default.gateway ip route add my.vpn.server via animal.foss.ntua.gr ip route add default via my.vpn.gateway We could have also used an SSH tunnel instead. Whatever we choose, we are now ready to bypass NTUA Wi Captive Portal(hopefully :P)! (and maybe use netperf for bandwidth benchmarks ;)
11 / 21
Outline
. 1 DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling Basics Limitations Implementations! iodine
. 2
Captive Portals Captive Protals Basics Bypassing Captive Portals Countermeasures for DNS tunneling Summary Conclusion Questions
. 3
12 / 21
13 / 21
13 / 21
Outline
. 1 DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling Basics Limitations Implementations! iodine
. 2
Captive Portals Captive Protals Basics Bypassing Captive Portals Countermeasures for DNS tunneling Summary Conclusion Questions
. 3
14 / 21
15 / 21
15 / 21
15 / 21
Outline
. 1 DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling Basics Limitations Implementations! iodine
. 2
Captive Portals Captive Protals Basics Bypassing Captive Portals Countermeasures for DNS tunneling Summary Conclusion Questions
. 3
16 / 21
17 / 21
17 / 21
Outline
. 1 DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling Basics Limitations Implementations! iodine
. 2
Captive Portals Captive Protals Basics Bypassing Captive Portals Countermeasures for DNS tunneling Summary Conclusion Questions
. 3
18 / 21
Conclusion
.
DNS tunneling can be a very eective way to bypass captive portals(or rewalls).
19 / 21
Conclusion
.
DNS tunneling can be a very eective way to bypass captive portals(or rewalls). Howerver, it comes with a cost in bandwidth/perfomance, and connection is not always very stable. Nevetheless, we usually have enough bandwidth to browse the Web, or check our mail, for free! ;)
19 / 21
Outline
. 1 DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling DNS Tunneling Basics Limitations Implementations! iodine
. 2
Captive Portals Captive Protals Basics Bypassing Captive Portals Countermeasures for DNS tunneling Summary Conclusion Questions
. 3
20 / 21
Questions?
21 / 21
Questions?
. .
Thank You!
21 / 21
Questions?
. . . .
Thank You!
Now lets try to hack NTUA Wi! ;)
21 / 21