Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Verizon Wireless DNS Tunneling

From: Dan Kaminsky <dan () doxpara com>
Date: Fri, 7 Oct 2011 03:35:22 -0700
Works mostly everywhere.  It's apparently enough of a pain in the butt to
deal with, and abused so infrequently, that it's left alone.

On Fri, Oct 7, 2011 at 3:32 AM, Marshall Whittaker <
marshallwhittaker () gmail com> wrote:


I recently noticed that you can tunnel TCP through DNS (I used iodine) to
penetrate Verizon Wireless' firewall.  You can connect, and if you can hold
the connection long enough to make a DNS tunnel, then the connection stays
up, then use SSH -D to create a proxy server for your traffic. Bottom line
is, you can use the internet without paying. I made a video of it.  It can
be seen here:
http://www.youtube.com/user/Oxagast?blend=2&ob=5#p/u/0/X6oWESQMVd8 I tried
to contact Verizon on their security blog about it a few weeks ago at
http://securityblog.verizonbusiness.com/ however, I have not had a
response.  This technique still works as of this posting.  Maybe this will
help them get their act together ;-)

--oxagast

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: