Full Disclosure: Re: Verizon Wireless DNS Tunneling

[BH <lists () blackhat bz>]

This comes in handy when travelling, I also found a few places where
ICMP tunnelling works well.

On 7/10/2011 6:35 PM, Dan Kaminsky wrote:
> Works mostly everywhere.  It's apparently enough of a pain in the butt
> to deal with, and abused so infrequently, that it's left alone.
>
> On Fri, Oct 7, 2011 at 3:32 AM, Marshall Whittaker
> <marshallwhittaker () gmail com <mailto:marshallwhittaker () gmail com>> wrote:
>
>     I recently noticed that you can tunnel TCP through DNS (I used
>     iodine) to penetrate Verizon Wireless' firewall.  You can connect,
>     and if you can hold the connection long enough to make a DNS
>     tunnel, then the connection stays up, then use SSH -D to create a
>     proxy server for your traffic. Bottom line is, you can use the
>     internet without paying. I made a video of it.  It can be seen
>     here: http://www.youtube.com/user/Oxagast?blend=2&ob=5#p/u/0/X6oWESQMVd8
>     <http://www.youtube.com/user/Oxagast?blend=2&ob=5#p/u/0/X6oWESQMVd8>
>     I tried to contact Verizon on their security blog about it a few
>     weeks ago at http://securityblog.verizonbusiness.com/ however, I
>     have not had a response.  This technique still works as of this
>     posting.  Maybe this will help them get their act together ;-)
>
>     --oxagast
>
>     _______________________________________________
>     Full-Disclosure - We believe in it.
>     Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>     Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/