On 03.04.06 17:33 +1200, macjones wrote:
> Just wondering of the m0n0wall captive portal is susceptible to this
> hack that uses DNS to transfer IP packets?
Yes, although I've never actually tried nstx, I'm pretty sure that
would work through m0n0wall's captive portal (and most other captive
portal solutions as well). It's probably not easy to avoid this
without potentially hampering legitimate use (perhaps the number of
DNS queries of unauthenticated clients could be restricted, or the
maximum query length limited to a number where this type of tunneling
is no longer practicable).
If anyone wants to get working on a modification to Dnsmasq that
makes this kind of tunneling infeasible - be my guest.