[80867] in North American Network Operators' Group


Re: Malicious DNS request?

daemon@ATHENA.MIT.EDU (Bill Stewart)
Mon May 16 00:08:28 2005

Date: Sun, 15 May 2005 21:08:00 -0700
From: Bill Stewart <nonobvious@gmail.com>
Reply-To: Bill Stewart <nonobvious@gmail.com>
To: NANOG <nanog@merit.edu>
Cc: Shen <joe_hznm@yahoo.com.sg>
In-Reply-To: <p0620073bbea92816c4f1@10.0.1.2>
Errors-To: owner-nanog@merit.edu


Tunneling IP over DNS - Dan Kaminsky's ozymandns project.

One source of really strange DNS packets I've seen is Dan Kaminsky's
experiments with tunneling IP over DNS, which he presented at
Codecon, Defcon, and other places.  Dan has often done Really Twisted
Things With Packets, and once you've already tunneled IP through HTTP,
it's time to do something a bit more aggressive.  His first
implementations were relatively straightforward, good enough for using
SSH and email from the DNS servers on random wireless access points
without needing to log in, but they weren't really high performance.
The work he demonstrated at Codecon 2005 was able to do
high-performance streaming video over DNS, which required spreading
the data stream over tens of thousands of DNS servers.  It was quite
impressive, in a this-is-seriously-wrong kind of way.

Perhaps somebody's running something like that somewhere near you.
