Re: [BAWUG] IP over DNS?

[William Arbaugh]

Using DNS is probably over kill, most of the set up's I've seen at hotels and airports (wired and wireless), permit ping packets without authentication. Given that there are several hacker tools that use ping as a covert channel available already- you'd think people would close these things up better.

BTW- details on this were first published in 1987 by C. Gray Girling

C gray Girling, "Covert Channels in LAN's ", IEEETransactions on software Engineering, Vol SE 13, No. 2, pp 292-296, February 1987.


On Wednesday, Nov 20, 2002, at 12:39 US/Eastern, Stuart Henderson wrote:

yes, convert channel signaling over dns works with any service that
allows dns lookups and responses including many wireless providers
and some cable modem networks.

Unless non-authenticated users are diverted to a separate DNS server
that only gives out the IP address of the authentication server and does
no recursive lookups..

--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless

--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless