[ previous ] [ next ] [ threads ]
 From:  "Jonathan De Graeve" <Jonathan dot De dot Graeve at imelda dot be>
 To:  "Manuel Kasper" <mk at neon1 dot net>, "macjones" <mac dot jones at jai dot co dot nz>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] ip over dns hack / captive portal?
 Date:  Mon, 3 Apr 2006 11:47:42 +0200
In our environment it can't because m0n0wall uses dns server behind
another L7 firewall which will cut down serious in the options


> -----Oorspronkelijk bericht-----
> Van: Manuel Kasper [mailto:mk at neon1 dot net]
> Verzonden: maandag 3 april 2006 11:42
> Aan: macjones
> CC: m0n0wall at lists dot m0n0 dot ch
> Onderwerp: Re: [m0n0wall] ip over dns hack / captive portal?
> On 03.04.06 17:33 +1200, macjones wrote:
> > Just wondering of the m0n0wall captive portal is susceptible to this
> > hack that uses DNS to transfer IP packets?
> Yes, although I've never actually tried nstx, I'm pretty sure that
> would work through m0n0wall's captive portal (and most other captive
> portal solutions as well). It's probably not easy to avoid this
> without potentially hampering legitimate use (perhaps the number of
> DNS queries of unauthenticated clients could be restricted, or the
> maximum query length limited to a number where this type of tunneling
> is no longer practicable).
> If anyone wants to get working on a modification to Dnsmasq that
> makes this kind of tunneling infeasible - be my guest.
> - Manuel
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch