FYI - IP tunnelling via DNS
Paul A Vixie
vixie at mibh.net
Mon Sep 11 05:05:10 UTC 2000
> > http://slashdot.org/article.pl?sid=00/09/10/2230242&mode=nocomment
>
> Ok, so that's going to make life difficult for everyone who runs a firewall.
yes. but most firewalls are dumber than dirt -- they assume that port 53
traffic is DNS traffic and just let it through. i've got a tftp server and
client i've hacked to use port 53 rather than port 69. (doesn't everybody?)
> Is this even something we can do anything about ?
not as such. we can't change the protocol, and i'm not sure there's anything
any implementation (bind or otherwise) could do to block this access. NAT
seemed like a possibility a few seconds ago but then i realized that it's not
using A RRs and as far as i know most DNS-aware NAT implementations pass TXT
straight on through.
> Any thoughts, Paul ?
"it's a whole new ballgame."
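As an added illustration of the point made above (this is not code from the thread or from BIND), here is a small Python check that does what the message says most firewalls of the day did not: it verifies that a datagram arriving on port 53 is actually a well-formed DNS query rather than, say, a TFTP read request rebound to that port, and it flags queries whose names look like encoded data being carried to a TXT-serving tunnel endpoint. The packet builders, sample names and the thresholds in `tunnel_indicators` are constructed for the example and are assumptions, not anything the thread specifies.

```python
import struct

TXT = 16  # RFC 1035 TYPE value for TXT

# --- constructed sample traffic (not captures from the thread) ---

def build_dns_query(name: str, qtype: int = TXT, txid: int = 0x1234) -> bytes:
    """Build a minimal RFC 1035 query: 12-byte header plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def build_tftp_rrq(filename: str) -> bytes:
    """Build a TFTP read request (RFC 1350 opcode 1), i.e. what a tftp
    client rebound to port 53 would send through a port-based firewall."""
    return struct.pack("!H", 1) + filename.encode("ascii") + b"\x00" + b"octet\x00"

# --- the check a port-53 filter should be doing ---

def parse_qname(buf: bytes, off: int):
    """Walk an uncompressed label sequence; raise ValueError if malformed."""
    labels = []
    while True:
        if off >= len(buf):
            raise ValueError("truncated name")
        n = buf[off]
        off += 1
        if n == 0:
            break
        # > 63 covers both over-long labels and 0xC0 pointers; a lone question
        # has nothing earlier in the message to point at, so neither is valid here.
        if n > 63 or off + n > len(buf):
            raise ValueError("bad label")
        labels.append(buf[off:off + n].decode("ascii", "replace"))
        off += n
    name = ".".join(labels)
    if len(name) > 253:
        raise ValueError("name too long")
    return name, off

def parse_dns_query(payload: bytes):
    """Return (qname, qtype) if payload is a structurally valid client query, else None."""
    if len(payload) < 12:
        return None
    _txid, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    if flags & 0x8000:                      # QR=1: a response, not a query
        return None
    if (flags >> 11) & 0xF not in (0, 1, 2):  # QUERY, IQUERY, STATUS
        return None
    if qd != 1 or an != 0 or ns != 0:
        return None
    try:
        name, off = parse_qname(payload, 12)
    except ValueError:
        return None
    if off + 4 > len(payload):
        return None
    qtype, qclass = struct.unpack("!HH", payload[off:off + 4])
    if qclass not in (1, 255):               # IN or ANY
        return None
    return name, qtype

def tunnel_indicators(name: str, qtype: int):
    """Heuristics (assumed thresholds) for data riding in the QNAME with TXT answers."""
    labels = name.split(".") if name else []
    reasons = []
    if qtype == TXT and len(name) > 100:
        reasons.append("long TXT qname")
    if labels and max(len(l) for l in labels) >= 40:
        reasons.append("oversized label")
    data = "".join(labels[:-2])  # ignore the registered domain itself
    if data and sum(c.isdigit() for c in data) / len(data) > 0.3:
        reasons.append("digit-heavy labels")
    return reasons

def classify(payload: bytes) -> str:
    parsed = parse_dns_query(payload)
    if parsed is None:
        return "not-a-dns-query"
    name, qtype = parsed
    return "dns-tunnel-suspect" if tunnel_indicators(name, qtype) else "dns"

if __name__ == "__main__":
    hex60 = ("0123456789abcdef" * 4)[:60]
    for label, pkt in [("normal lookup", build_dns_query("www.example.com", 1)),
                       ("tunnel-style TXT", build_dns_query(f"{hex60}.{hex60}.t.example.com")),
                       ("tftp on port 53", build_tftp_rrq("passwd"))]:
        print(f"{label}: {classify(pkt)}")
```

The structural check alone is enough to stop the rebound-tftp trick, because a TFTP header does not parse as a DNS header; the name heuristics are the part that remains a judgement call, which is the thread's real point: once the carrier is genuinely well-formed DNS, nothing at the protocol level distinguishes it from a legitimate TXT lookup.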