| 
  • If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • You already know Dokkio is an AI-powered assistant to organize & manage your digital files & messages. Very soon, Dokkio will support Outlook as well as One Drive. Check it out today!

View
 

DNSTunnel

Page history last edited by Jr Galang 15 years ago

How hard is it to create this (DNSTunnel)?

 

To create a DNSTunnel is relatively doable. Theory-wise, all you need is to find a root-accessible domain for the server side, PERL, SSH, and Ozyman, and you've pretty got much of the tools needed to make things work. Procedural-wise though, such is not the case.

 

DNSTunneling is done by making use of UDP Port 53, also known as the Internet Control Message Protocol (ICMP), which is used to report errors to the client. The port is generally open in most network connections, thus, such is the most effective port to use to tunnel things out.

 

Using UDP/53 means that all your network connection goes only through it, and since conventional routers and WiFi connections detect traffic in this port as a message protocol instead of a transport protocol, traffic in this port is generally unrestricted. Which means that even if Starbucks WiFi have a captive portal, you can still browse the net as you are, in theory, accessing the net without using a standard HTTP Protocol which, if you did use, would be detected by the router installed at Starbucks and would have automatically redirected you to its captive portal (where it asks you for an airborneaccess account or two). The only down-side though is that all your traffic goes to this port, whether incoming or outgoing, hence your connection speeds are generally slower than usual.

 

The problem is, how do you do that? While giving it my own shot, the client side were pretty much easy. The problem is with the server-side configuration. While the tutorial made by Hak5 were pretty much concise client wise, I never thought that it lacked on the server-side. Yes, I went to the nearest Starbucks to try it out, assuming that I only need to edit a bit of a nameserver et al on the server, and thinking I was done, tried to bypass airborneaccess' page only to find that oops! it ain't working.

 

So I tried checking what was wrong, I even did a ping to Google and I saw the IP Address et al, but what's preventing me from tunneling through and in effect bypass the captive portal page? I'm clueless really. In the end, I just concluded that it's my server-configuration that went amiss and I went home... extremely disappointed.

 

Researching further though made more alternatives, easier, but isn't as independent as a DNSTunnel. For one, there's Wireshark and MAC Address Spoofing, wherein you can spoof someone's MAC Address so as to trick a router that you're as authenticated as the real one is and you can feel free to browse the net without having to login. There's also the Free WiFi Radar which allows you to spot free WiFi hotspots whether they're invisible or not. But, technically, both relies on the fact that you either need the connection to be free already or that you need someone who has authentication through the portal page before you can actually access the net - which is way different to the method of a DNS Tunnel.

 

True, although the tools are easy to acquire, configuring it still on the server is a bit of a blurr. It's not just a matter of DYNDns, you actually have to code within the server, something that is completely foreign still for my understanding. Hopefully, I'd get to see more resource about this and eventually get to be able to successfully tunnel my way through a captive-portal enabled network.

Comments (0)

You don't have permission to comment on this page.