Penetration Testing mailing list archives

Re: [PEN-TEST] IP Tunneling over DNS


From: Mordechai Ovits <movits () OVITS NET>
Date: Mon, 11 Sep 2000 17:59:43 -0400

The hard part is finding machines that are running programs such as this
one, because of the simple fact that they don't open a listening port.
Programs such as these must be found through passive means (I found the
suspicious machine while sniffing, messed with the router, assumed the
IP of the machine it was trying to connect to, and discovered it that way).

A "better" way of doing this evil deed is to run ppp through ssh. The ssh
is outgoing, so it neatly bypasses the firewall. The ppp session is in essence
a vpn, and can run any protocol over it. This is WAY harder to detect,
since all data is encrypted, and all you see is ssh traffic, no matter what
nefarious stuff is happening inside.

Mordy
