mailing list archives
Re: [PEN-TEST] IP Tunneling over DNS
From: Mordechai Ovits <movits () OVITS NET>
Date: Mon, 11 Sep 2000 17:59:43 -0400
The hard part is finding machines that are running programs such as this
one, because of the simple fact that they don't open a listening port.
Programs such as these must be found through passive means (I found the
suspicious machine while sniffing, messed with the router, and assumed the
IP of the machine it was trying to connect to, and discovered it that way.)
A "better" way of doing this evil deed is to run ppp through ssh. the ssh
is outgoing, so it neatly bypasses the firewall. The ppp session is in essence
a vpn, and can run any protocol over it. This is WAY harder to detect,
since all data is encrypted, and all you see is ssh traffic, no matter what
nefarious stuff is happening inside.