Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] IP Tunneling over DNS
From: Andre Delafontaine <andre.delafontaine () ECHOSTAR COM>
Date: Mon, 11 Sep 2000 13:46:58 -0600

"Christopher M. Bergeron" wrote:

I just read an interesting post at slashdot:  http://slashdot.org/article.pl?sid=00/09/10/2230242&mode=thread

theoretically, someone from inside a secure network could tunnel out (ala Trojan) to punch a major hole through a 
firewall.  Am I understanding this correctly?

Once somebody controls a host inside a network, he can tunnel out using
any protocol the firewall will let through, even if it is outbound only
(i.e. http): Back Orifice will pass data over ICMP, so allowing outgoing
pings through a firewall is sufficient, as long as the ECHO REPLIES can
come back.

Markus Ranum has mentioned that he once implemented an nfs mount of an
internal host's filesystem through a firewall that only passed email:
the internal and external hosts encapsulated IP packets in individual
mails. It was slow, but worked...

             andre.delafontaine at echostar.com

  F20 DSS: BD75 66D9 5B2C 66CE 9158  BB27 B199 59CE D117 4E9F
   F16 RSA: F8 04 FE 50 02 B5 03 02  F6 87 C7 8D F9 2E B8 58

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]