Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] IP Tunneling over DNS
From: Mark Shlimovich <mlists () MAILANDNEWS COM>
Date: Tue, 12 Sep 2000 16:15:36 -0700

It appeats to me that this is not tunneling into a internal perimiter, but
rather getting out. For example have a host outside the internal network
running a daemon. All you have access to internally is a http proxy. You
could make a http connection to the external daemon, which would tunnel your
request for materials other than HTTP requests. Techniques such as this
could also be used for evading censorship. For example the external http
daemon could obscure data tunnels making it look like a search engine, while
tunneling through censored traffic, from its uncensored connection.

Mark Shlimovich

-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Work, Clinton
Sent: Monday, September 11, 2000 1:43 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] IP Tunneling over DNS


There is already a mature tool to tunnel connections via HTTP which
works quite well. I have used it with many firewalls:

http://freshmeat.net/projects/httptunnel


On Mon, Sep 11, 2000 at 02:16:43PM -0400, Jose Nazario wrote:
On Mon, 11 Sep 2000, Christopher M. Bergeron wrote:

theoretically, someone from inside a secure network could tunnel out
(ala Trojan) to punch a major hole through a firewall.  Am I
understanding this correctly?

yes, yes you are. also, lookfor IP over SMTP tunneling. and LOKI, using
ICMP as a covert data channel.

tunneling is a major method of passing firewalls. tunnel whatever you want
through normal channels. unless the firewall is doing application level
filtering, you can really have some fun. you gotta be patient, but it can
be done.

there really isn't any reason why application level firewalls shouldn't be
more available and in wider use that i can see. they're tough to do right,
mind you, but not impossible.

jose nazario                                  jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc

--
=========================================================================
Clinton Work                                        clinton () scripty com
Calgary, Alberta


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]