Tunnel IP through DNS
m |
m (→DNS) |
||
| Line 98: | Line 98: | ||
===DNS=== | ===DNS=== | ||
Okay, so I lied. | Okay, so I lied. | ||
| − | You | + | You might not need to setup any DNS records, but it certainly makes it easier, and if you don't have a static IP, then it sorta' makes it possible. |
| + | You might see something like this if you don't setup DNS records: | ||
| + | <source lang="bash"> | ||
| + | $ sudo iodine 12.34.56.78 google.com | ||
| + | Enter password: | ||
| + | Opened dns0 | ||
| + | Opened UDP socket | ||
| + | Sending DNS queries for google.com to 12.34.56.78 | ||
| + | Autodetecting DNS query type (use -T to override).......iodine: Got NXDOMAIN as reply: domain does not exist | ||
| + | .iodine: Got NXDOMAIN as reply: domain does not exist | ||
| + | .iodine: Got NXDOMAIN as reply: domain does not exist | ||
| + | .iodine: Got NXDOMAIN as reply: domain does not exist | ||
| + | .iodine: Got NXDOMAIN as reply: domain does not exist | ||
| + | ..iodine: Got NXDOMAIN as reply: domain does not exist | ||
| + | .iodine: Got NXDOMAIN as reply: domain does not exist | ||
| + | .iodine: Got NXDOMAIN as reply: domain does not exist | ||
| + | .iodine: Got NXDOMAIN as reply: domain does not exist | ||
| + | .iodine: Got NXDOMAIN as reply: domain does not exist | ||
| + | . | ||
| + | iodine: No suitable DNS query type found. Are you connected to a network? | ||
| + | iodine: If you expect very long roundtrip delays, use -T explicitly. | ||
| + | iodine: (Also, connecting to an "ancient" version of iodined won't work.) | ||
| + | </source> | ||
| + | |||
| + | ====Running Without DNS Records=== | ||
If you'r server's IP was 12.34.56.78, then you could run the following server command: | If you'r server's IP was 12.34.56.78, then you could run the following server command: | ||
<source lang="bash"> | <source lang="bash"> | ||
Revision as of 23:54, 25 November 2013
Have you ever been somewhere that offers 'free' WiFi? Only to find that you can have 30 minutes for free, or that you need to register?
This page is for you!
Contents |
Groundwork
This technique will tunnel IP out via DNS queries (sounds crazy, doesn't it?)
Once you're connected to the network, you need to ensure that you can access the internet.
Any HTTP traffic will be redirected to the login page, but you might find that DNS requests can get out!
Try resolving google.com and see what happens...
If you get an IP back, you're probably good to go.
Setup and Configuration
DNS
You'll need to have access to a domain that you can configure, and you'll need to do the following.
Say your domain is example.com.
- Add a new NS record,
x.example.com, and point it at an A record - The A record needs to point to a machine that you control, if necessary add a record, and configure Dynamic DNS (for example
xn.example.com)
This says: "for any DNS queries related to x.example.com, ask xn.example.com"
Iodine
This is a handy little tool (available as iodine on Ubuntu) that comes in two parts - Server and Client... Duh...
Server
The Server is what you want to run on xn.example.com.
You'll need to open port 53 (DNS) in any firewalls and you'll need to run iodined like so:
sudo iodined -b 27001 -f 10.0.0.1/24 x.example.com
-
-b 27001- forwards any DNS queries that aren't forx.example.comto portlocalhost:27001(if you have any DNS servers on the machine already, remember to move or stop them) -
-f- keeps iodined running in the foreground -
10.0.0.1/24- is the IP and subnet for the TAP that will be created - any incoming connections will get an IP address in this range -
x.example.com- is the FQDN that has the NS record
Running ifconfig on the server should give you an entry like this:
dns0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.0.1 P-t-P:10.0.0.1 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1130 Metric:1
RX packets:5721 errors:0 dropped:0 overruns:0 frame:0
TX packets:6182 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:885994 (885.9 KB) TX bytes:2916389 (2.9 MB)Client
Once your server is setup and running, you can have a play with the client. Run it like this:
sudo iodine x.example.comYou can use the information that is output at startup (while the link is being negotiated) to make the startup quicker:
sudo iodine -TNULL -r -m226 -OBase64u -L0 xn.example.com x.example.com
-
-TNULL- use DNS query type NULL -
-r- skip RAW UDP mode -
-m226- set a fragment size of 226 bytes -
-OBase64u- force the downstream encoding type to base64u -
-L0- force legacy (non-lazy) mode -
xn.example.com- the name server to query (optional) -
x.example.com- the FQDN to use
Running ifconfig on the client should give you an entry like this:
dns0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.0.3 P-t-P:10.0.0.3 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1130 Metric:1
RX packets:230 errors:0 dropped:0 overruns:0 frame:0
TX packets:196 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:163067 (163.0 KB) TX bytes:26077 (26.0 KB)Applications
Now you should have a link up and running. Don't forget that your routing will need adjusting (away from the 'pay me' default).
You could also easily use ssh to forward ports and give you encrypted and compressed transport through this DNS tunnel(!) For example, if you have a proxy running on your server on port 8080, do this:
ssh attie@10.0.0.1 -L8080:localhost:8080
Evaluation
Throughput
Okay, so the previously mentioned configuration results in a painfully slow link... And I mean slow (around 16-24kb/s). But at least it's a link!
DNS
Okay, so I lied. You might not need to setup any DNS records, but it certainly makes it easier, and if you don't have a static IP, then it sorta' makes it possible.
You might see something like this if you don't setup DNS records:
$ sudo iodine 12.34.56.78 google.com Enter password: Opened dns0 Opened UDP socket Sending DNS queries for google.com to 12.34.56.78 Autodetecting DNS query type (use -T to override).......iodine: Got NXDOMAIN as reply: domain does not exist .iodine: Got NXDOMAIN as reply: domain does not exist .iodine: Got NXDOMAIN as reply: domain does not exist .iodine: Got NXDOMAIN as reply: domain does not exist .iodine: Got NXDOMAIN as reply: domain does not exist ..iodine: Got NXDOMAIN as reply: domain does not exist .iodine: Got NXDOMAIN as reply: domain does not exist .iodine: Got NXDOMAIN as reply: domain does not exist .iodine: Got NXDOMAIN as reply: domain does not exist .iodine: Got NXDOMAIN as reply: domain does not exist . iodine: No suitable DNS query type found. Are you connected to a network? iodine: If you expect very long roundtrip delays, use -T explicitly. iodine: (Also, connecting to an "ancient" version of iodined won't work.)
=Running Without DNS Records
If you'r server's IP was 12.34.56.78, then you could run the following server command:
sudo iodined -b 27001 -f 10.0.0.1/24 google.com
And client command:
sudo iodine 12.34.56.78 google.com
You do however still need to open port 53.
