
DNS Tunnel - Episode 5x04 need help :)


Posted (edited)

I'm trying to get this working.

I tried multiple tutorials on the web, the one from mubix as well.

And like that tutorial: LINK

When I do this:

/droute.pl -r DNS-Server-IP sshdns.passwort.tunnel.nobaq.net

The client gives me signs that look like I have the wrong charset selected.

When I do:

ssh -o ProxyCommand="./droute.pl sshdns.dtun.example.org" -N -D 9999 -C jdoe@localhost

The client does nothing until I press ctrl C.

In both cases the server displays:

UDP connection from 217.237.149.139:28864 to 0.0.0.0

query 11433: (2176-56640.id-13401.down.dns.tunnel.domain.co.cc, IN, TXT) -

2176-56640.id-13401.down.dns.tunnel.domain.co.cc. 0 IN TXT "Hi: Wed Jan 13 05:09:23 UTC 2010"

NOERROR

;; id = 11433

;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0

;; ra = 0 ad = 0 cd = 0 rcode = NOERROR

;; qdcount = 1 ancount = 1 nscount = 0 arcount = 0

Maximum reply length as advertosed in EDNS from 217.237.149.139:28864: 512

Writing response - done

Waiting for connections...

UDP connection from 217.237.149.139:50086 to 0.0.0.0

query 42994: (2193-15449.id-13401.down.dns.tunnel.domain.co.cc, IN, TXT) -

2193-15449.id-13401.down.dns.tunnel.domain.co.cc. 0 IN TXT "Hi: Wed Jan 13 05:09:23 UTC 2010"

NOERROR

;; id = 42994

;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0

;; ra = 0 ad = 0 cd = 0 rcode = NOERROR

;; qdcount = 1 ancount = 1 nscount = 0 arcount = 0

Maximum reply length as advertosed in EDNS from 217.237.149.139:50086: 512

And the red parts keep changing until I press ctrl C on my client.

The IP: 217.237.149.139 is the DNS Server from my ISP.

Anyone an idea??

Would be really great!

Sorry for my bad english!

Edited by carloss
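
An added example, not part of the original posts or of the tunnel software: a small Python check that flags the pattern visible in the server output above, where every poll is a TXT query for a new name of the form `<digits>-<digits>.id-<digits>.down.<zone>`. The regexes are derived only from those log lines; the first two sample lines are the queries from the post and the other two are constructed, and treating the `id-` label as a session identifier and the threshold of 3 are assumptions.

```python
import re
from collections import defaultdict

# Sample input: the first two lines are the queries shown in the post,
# the last two are constructed for this example.
SAMPLE_LOG = """\
query 11433: (2176-56640.id-13401.down.dns.tunnel.domain.co.cc, IN, TXT) -
query 42994: (2193-15449.id-13401.down.dns.tunnel.domain.co.cc, IN, TXT) -
query 50210: (2210-40112.id-13401.down.dns.tunnel.domain.co.cc, IN, TXT) -
query 611: (www.domain.co.cc, IN, A) -
"""

# "query <dns id>: (<name>, IN, <type>)" as printed by the server in the post.
QUERY_RE = re.compile(r"query (\d+): \(([^,]+), IN, (\w+)\)")
# Label layout seen in the post: <digits>-<digits>.id-<digits>.down.<zone>
POLL_RE = re.compile(r"^(\d+)-(\d+)\.id-(\d+)\.down\.(.+)$")


def parse_queries(log_text):
    """Yield (dns_id, qname, qtype) for each 'query' line in the log."""
    for m in QUERY_RE.finditer(log_text):
        yield int(m.group(1)), m.group(2).rstrip("."), m.group(3)


def find_polling_sessions(log_text, min_unique=3):
    """Group TXT queries that match the polling layout by (id label, zone).

    Returns {(id_label, zone): unique_name_count} for groups with at least
    min_unique distinct names. The threshold is an assumed value; calling
    the id- label a session identifier is also an assumption.
    """
    names = defaultdict(set)
    for _, qname, qtype in parse_queries(log_text):
        m = POLL_RE.match(qname.lower())
        if qtype == "TXT" and m:
            names[(m.group(3), m.group(4))].add(qname.lower())
    return {k: len(v) for k, v in names.items() if len(v) >= min_unique}


if __name__ == "__main__":
    for (sid, zone), count in find_polling_sessions(SAMPLE_LOG).items():
        print(f"id-{sid} under {zone}: {count} unique TXT names")
```
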
  • 3 weeks later...
Posted

I've had the ozyman-mod working but it is SLOOOWW (like 0.5k/sec).

I know that ppl have said it would be slow but is that normal? I get timeouts with it all the time, esp with sites containing dynamic content.

Tried from a couple of hotels and my own links which are quite fast so it's not line speed.

Because it's a cname I suppose the parent dns (godaddy) could be rate limiting queries I suppose.

Sk

  • 1 month later...
Posted

I've been having a lot of trouble with this and I can't see why it won't work, save for some outside intervention.

I've set up on my external Nameserver running box: subethanet.mydomain.com NS -> mydomain.dyndns.org

Now, I can see this is working fine as I run wireshark on mydomain.dyndns.org and I can see all the DNS requests arriving on port 53 for subethanet.mydomain.com. So you'd think that'd be it?

Sadly, I can't seem to do anything with these requests. I've tried both Ozymandns and the dnstunneld script (the updated Ozymandns) and I have little luck. Neither seem to do anything with the packets. I did try dnsspoof and that at least heard the requests (it printed the A requests I was sending from the 'host' lookup I was doing) but it wouldn't send replies either.

So I'm a little stumped. I can see that port 53 is open as I've nmap'd from another server outside my home network and that seems good too. Totally stumped :S

Posted (edited)

Ok, so here's the setup I have that doesn't quite seem to work

DNS Setup on mydomain.com

Name Server: myserver.dyndns.com

Subdomain: dnstunnel.mydomain.com

on my box at home:

myserver.dyndns.com settings

DNSHOST="dnstunnel.mydomain.com" # change this to your DNS name

REPLYIP="127.0.0.1" # what to answer on real DNS requests

OPTIONS="" # give additional options here

DNSTUNNELD="/opt/dnstunnel/dnstunneld" # the server script

/etc/init.d/dnstunneld start

On the client box

ssh -C -o ProxyCommand="dnstunnelc -v sshdns.dnstunnel.mydomain.com" root@localhost

Resolving through:

Up: 192.168.1.254

Down: 192.168.1.254

ssh -D 8000 -N -C -o ProxyCommand="dnstunnelc sshdns.dnstunnel.mydomain.com" root@localhost

(this command just sits there... probably doing its proxy thing)

I then set up Firefox to do its test thing

I should point out my server is behind my NAT which has 53 open on the access box

Back on the Server

dns2.jpg

So the packets are arriving but they simply aren't being forwarded properly and there is no return.

I'm following the instructions given at http://www.splitbrain.org/blog/2008-11/02-...ing_made_simple

Edited by Oni
Posted

Should point out that it appears that dnstunneld is bound to *.*:53 according to netstat on my little server box so clearly the resolution is working.

host mytunnel.mydomain.com doesn't return anything and times out but the packets still arrive so dnstunneld isn't doing basic DNS replies either. Something must be wrong with the way I've set up dnstunneld

Posted
How's your experience been with Iodine? I've found Ozyman a bit more stable, but ya, definitely Iodine is easier.

I run Iodine on my WRT54g and have successfully tunnelled from netbook and N900. I had to set a lower mtu to get an ssh connection.

Not had any trouble yet but I don't use it all that frequently with HSDPA access being much faster.

  • 3 weeks later...
Posted

I think I might have cracked it.... moblock!

I was running moblock and never realised it was blocking my linode as it tends to be silent or at least, silentish.

I really REALLY need to get a cool app to do logging. With moblock off I can at least get DNS to reply and play nice.
