
Re: [Full-disclosure] Verizon Wireless DNS Tunneling



I would think that at minimum, thresholds could be set on how many names to 
resolve, and permitted types for unauthenticated users.  Prohibit NULL and TXT 
records for unauthenticated hosts - or just whitelist A and CNAMEs, reject 
others.  Reject the 50th (or whatever) query from an unauthenticated 
host/user... I don't think NACs are using DNS tricks in the main anymore 
anyway.  They shouldn't be...  there are much better ways.

That said, I'm happy for this condition to exist permanently so long as I'm not 
responsible for the traffic.

On Oct 7, 2011, at 10:26 AM, James Wright wrote:

Actually, yes, they could provide bad data.  I believe (perhaps erroneously) 
that Comcast does this.  Probably other service providers do too.  Until you 
are authenticated to use their network you are redirected to a service page 
that can help authenticate you.  If you have connectivity issues (like bad 
cached DNS entries) after authenticating you are to reboot (or otherwise clear 
the local DNS cache).

I don't really see why Verizon could not do similar.  All DNS traffic from an 
unauthenticated user/machine would be redirected to a DNS server that only 
returned the appropriate service page.  Most or all other traffic would be 
blocked.  Much like NAC.


Thanks,
James


On Fri, Oct 7, 2011 at 10:05 AM, Dan Kaminsky <dan@xxxxxxxxxxx> wrote:
One major reason it sticks around is -- what are you supposed to do, return bad 
data until the user is properly logged in?  It might get cached -- and while 
operating systems respect TTL, browsers most assuredly do not ("well, it MIGHT 
take us somewhere good").

It's not like there's a magic off switch that makes this go away.

On Fri, Oct 7, 2011 at 4:56 AM, Marshall Whittaker 
<marshallwhittaker@xxxxxxxxx> wrote:
Yes, I've found that DNS tunneling works well at the college I go to on their 
WIFI.  I've never gotten ICMP tunneling to work myself (outside of a virtual 
machine),  but I have some code laying around somewhere that can do it just in 
case I need it for something sometime.  Just thought it would be interesting to 
some people that it works on such a large provider as Verizon.  The only 
problem with it that I see is that it's quite slow.  But if it works, so be it. 
 Good for checking email and browsing the web and such on the road.  But I 
wouldn't try to torrent a linux distro with it, haha.

--oxagast

On Fri, Oct 7, 2011 at 7:39 AM, BH <lists@xxxxxxxxxxx> wrote:
This comes in handy when travelling, I also found a few places where ICMP 
tunnelling works well.


On 7/10/2011 6:35 PM, Dan Kaminsky wrote:
Works mostly everywhere.  It's apparently enough of a pain in the butt to deal 
with, and abused so infrequently, that it's left alone.

On Fri, Oct 7, 2011 at 3:32 AM, Marshall Whittaker 
<marshallwhittaker@xxxxxxxxx> wrote:
I recently noticed that you can tunnel TCP through DNS (I used iodine) to 
penetrate Verizon Wireless' firewall.  You can connect, and if you can hold the 
connection long enough to make a DNS tunnel, then the connection stays up, then 
use SSH -D to create a proxy server for your traffic. Bottom line is, you can 
use the internet without paying. I made a video of it.  It can be seen here: 
http://www.youtube.com/user/Oxagast?blend=2&ob=5#p/u/0/X6oWESQMVd8 I tried to 
contact Verizon on their security blog about it a few weeks ago at 
http://securityblog.verizonbusiness.com/ however, I have not had a response.  
This technique still works as of this posting.  Maybe this will help them get 
their act together ;-)

--oxagast

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
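
The resolver-side policy suggested in the top reply (whitelist A and CNAME for unauthenticated hosts, refuse from the Nth query onward), sketched as an added example that is not part of the original thread. The class name, decision strings and sample hostnames are assumptions made for illustration.

```python
import struct
from collections import defaultdict

ALLOWED_QTYPES = {1, 5}   # A, CNAME: the whitelist suggested in the post
MAX_QUERIES = 50          # assumed cap ("the 50th (or whatever) query")

def build_query(name, qtype):
    """Constructed sample input: a minimal single-question DNS query."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def parse_qtype(packet):
    """Return the QTYPE of the single question in a raw DNS query."""
    if len(packet) < 12:
        raise ValueError("short header")
    flags, qdcount = struct.unpack("!HH", packet[2:6])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    pos = 12
    while True:                      # walk the length-prefixed labels
        if pos >= len(packet):
            raise ValueError("truncated name")
        length = packet[pos]
        if length > 63:              # pointer/reserved bits: refused by this filter
            raise ValueError("bad label")
        pos += 1 + length
        if length == 0:
            break
    if pos + 4 > len(packet):
        raise ValueError("truncated question")
    return struct.unpack("!H", packet[pos:pos + 2])[0]

class UnauthDnsPolicy:
    """Hypothetical pre-authentication filter in front of the resolver."""
    def __init__(self, limit=MAX_QUERIES):
        self.limit = limit
        self.seen = defaultdict(int)  # well-formed queries per unauthenticated client

    def decide(self, client_ip, packet, authenticated=False):
        if authenticated:
            return "ALLOW"
        try:
            qtype = parse_qtype(packet)
        except ValueError:
            return "REFUSE_MALFORMED"
        self.seen[client_ip] += 1
        if self.seen[client_ip] >= self.limit:   # the Nth query and later
            return "REFUSE_LIMIT"
        return "ALLOW" if qtype in ALLOWED_QTYPES else "REFUSE_TYPE"
```

The counter would need to be reset or expired when a client authenticates or its lease ends; that bookkeeping is left out here.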



