Thu, 26 Jun 2008
Hacking your ISP for fun and profit.
My ISP has blocked my account again and cannot unblock it, although there
is money on the deposit. There are serious problems in its billing
system which require manual intervention by an operator. Unfortunately
it is a real challenge to reach them by phone; it already took more than half an hour
yesterday, without success.
So I decided to implement an interesting idea for bypassing the block.
It is based on a security 'hole' in its DNS configuration (and I think the vast
majority of ISPs do the same): any DNS record can be requested even while the
account is blocked, and if the record is not in the ISP's cache it is fetched from
the remote authoritative DNS server.
Thus the attack vector becomes visible: implement an IP-over-DNS tunnel network device
and set up local routing to use it by default. One has to control at least one
remote machine which hosts the DNS records for the given domain name, since that
machine must parse the incoming DNS requests and process them accordingly.
There are at least two known IP-over-DNS tunnel solutions:
NSTX (howto) and OzymanDNS (howto). Both require that you own one server or another
to run the IP-over-DNS tunnel server on.
Unfortunately I have only a single machine with a static IP address which is not protected
by lots of firewalls and allows incoming connections.
The simplest solution to this problem is to create an iptables input target
for the server which parses incoming DNS requests, passes the usual queries up
the network stack to the userspace DNS server, and handles 'poisoned' queries as tunnel traffic.
The client can be TUN/TAP based, but it can also be a tunnel network device.
I believe the weirder it looks, the more interesting it is, so I will likely think
more about kernel-based tunnels.
DNS queries are limited enough that they cannot carry raw binary data (IIRC,
the most interesting are DNS TXT records), but the data can be appropriately
encoded and enciphered. So I will put it into the
todo list.
I even think that having such modules in the kernel is not that bad an idea :)
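The flip side of the post is what the tunnel looks like from the resolver operator's seat. The properties described above (data encoded into long, high-entropy subdomain labels, TXT records carrying the downstream, and a stream of never-before-seen names under one base domain so the cache never answers) are exactly what a detection script can key on. The following is an added example, not code from the post or from NSTX or OzymanDNS: it parses a constructed resolver query log, scores each base domain on name length, label entropy and TXT share, and flags domains that cross thresholds. The log format, domain names and thresholds are all assumptions made for the sample.

```python
"""
Scoring resolver query logs for IP-over-DNS tunnel traffic.

All log lines, domain names and thresholds below are constructed sample
data for this example; tune the thresholds against your own baseline.
"""
import math
import re
from collections import defaultdict

# Constructed log format (assumed): "<unix_ts> <client_ip> <qtype> <qname>"
SAMPLE_LOG = """\
1214450000 10.0.0.7 A www.example.org
1214450001 10.0.0.7 AAAA www.example.org
1214450002 10.0.0.7 A mail.example.org
1214450003 10.0.0.9 TXT 9k3j2hf8a7sd6f5g4h3j2k1l0z9x8c7v.b6n5m4a3s2d1f0g9h8.t.example-tunnel.test
1214450004 10.0.0.9 TXT q2w3e4r5t6y7u8i9o0p1a2s3d4f5g6h7.j8k9l0z1x2c3v4b5n6.t.example-tunnel.test
1214450005 10.0.0.9 TXT z9x8c7v6b5n4m3a2s1d0f9g8h7j6k5l4.p0o9i8u7y6t5r4e3w2.t.example-tunnel.test
1214450006 10.0.0.9 TXT m1n2b3v4c5x6z7l8k9j0h1g2f3d4s5a6.q9w8e7r6t5y4u3i2o1.t.example-tunnel.test
1214450007 10.0.0.7 A cdn.example.org
"""

LOG_RE = re.compile(r"^(\d+)\s+(\S+)\s+([A-Z]+)\s+(\S+)$")


def parse_log(text):
    """Yield (timestamp, client, qtype, qname) tuples; malformed lines are skipped."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            ts, client, qtype, qname = m.groups()
            yield int(ts), client, qtype, qname.rstrip(".").lower()


def shannon_entropy(s):
    """Bits per character. Encoded payload labels score much higher than hostnames."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def base_domain(qname, levels=2):
    """Crude registrable-domain cut (last `levels` labels).
    A real deployment would consult the public suffix list instead."""
    labels = qname.split(".")
    return ".".join(labels[-levels:])


def score_domains(log_text):
    """Per base domain: unique names seen, mean name length, mean entropy of the
    subdomain part (dots removed), and the share of TXT/NULL queries."""
    stats = defaultdict(lambda: {"names": set(), "len": [], "ent": [], "txt": 0, "total": 0})
    for _ts, _client, qtype, qname in parse_log(log_text):
        dom = base_domain(qname)
        sub = qname[: -len(dom)].rstrip(".") if qname != dom else ""
        st = stats[dom]
        st["names"].add(qname)
        st["len"].append(len(qname))
        st["ent"].append(shannon_entropy(sub.replace(".", "")))
        st["total"] += 1
        if qtype in ("TXT", "NULL"):
            st["txt"] += 1
    return {
        dom: {
            "unique_names": len(st["names"]),
            "mean_len": sum(st["len"]) / len(st["len"]),
            "mean_entropy": sum(st["ent"]) / len(st["ent"]),
            "txt_ratio": st["txt"] / st["total"],
        }
        for dom, st in stats.items()
    }


def suspicious_domains(log_text, min_len=50, min_entropy=3.5, min_txt_ratio=0.5):
    """Base domains whose traffic looks like a tunnel under the assumed thresholds."""
    return sorted(
        dom
        for dom, s in score_domains(log_text).items()
        if s["mean_len"] >= min_len
        and s["mean_entropy"] >= min_entropy
        and s["txt_ratio"] >= min_txt_ratio
    )


if __name__ == "__main__":
    for dom, s in score_domains(SAMPLE_LOG).items():
        print(f"{dom:24s} names={s['unique_names']} len={s['mean_len']:.1f} "
              f"entropy={s['mean_entropy']:.2f} txt={s['txt_ratio']:.2f}")
    print("suspicious:", suspicious_domains(SAMPLE_LOG))
```

On the constructed log, ordinary lookups for example.org stay short and low-entropy with no TXT share, while the tunnel-style names under example-tunnel.test exceed all three thresholds. In practice, rate (queries per client per minute to one base domain) and the cache-miss ratio are worth adding as extra features, since a tunnel deliberately defeats the resolver cache, which is the very property the post relies on.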
/devel/other
Erik wrote at 2008-06-27 02:26: