lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 07 Oct 2011 18:39:15 +0800
From: BH <lists@...ckhat.bz>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Verizon Wireless DNS Tunneling

This comes in handy when travelling, I also found a few places where
ICMP tunnelling works well.

On 7/10/2011 6:35 PM, Dan Kaminsky wrote:
> Works mostly everywhere.  It's apparently enough of a pain in the butt
> to deal with, and abused so infrequently, that it's left alone.
>
> On Fri, Oct 7, 2011 at 3:32 AM, Marshall Whittaker
> <marshallwhittaker@...il.com <mailto:marshallwhittaker@...il.com>> wrote:
>
>     I recently noticed that you can tunnel TCP through DNS (I used
>     iodine) to penetrate Verizon Wireless' firewall.  You can connect,
>     and if you can hold the connection long enough to make a DNS
>     tunnel, then the connection stays up, then use SSH -D to create a
>     proxy server for your traffic. Bottom line is, you can use the
>     internet without paying. I made a video of it.  It can be seen
>     here: http://www.youtube.com/user/Oxagast?blend=2&ob=5#p/u/0/X6oWESQMVd8
>     <http://www.youtube.com/user/Oxagast?blend=2&ob=5#p/u/0/X6oWESQMVd8>
>     I tried to contact Verizon on their security blog about it a few
>     weeks ago at http://securityblog.verizonbusiness.com/ however, I
>     have not had a response.  This technique still works as of this
>     posting.  Maybe this will help them get their act together ;-)
>
>     --oxagast
>
>     _______________________________________________
>     Full-Disclosure - We believe in it.
>     Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>     Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ