DNS Tunnel - Episode 5x04 need help :)

[carloss]

Im trying to get this working.

I tried multiple tutorials in the web, the one from mubix aswell.

And like that tutorial: LINK

When i do this:

/droute.pl -r DNS-Server-IP sshdns.passwort.tunnel.nobaq.net[/code]

The client gives me signs that look like i have the wrong charset sellected.

When i do:

ssh -o ProxyCommand="./droute.pl sshdns.dtun.example.org" -N -D 9999 -C jdoe@localhost

The client does nothing. Until i press ctrl C

In both cases the server displayes:

UDP connection from 217.237.149.139:28864 to 0.0.0.0

query 11433: (2176-56640.id-13401.down.dns.tunnel.domain.co.cc, IN, TXT) -

2176-56640.id-13401.down.dns.tunnel.domain.co.cc. 0 IN TXT "Hi: Wed Jan 13 05:09:23 UTC 2010"

NOERROR

;; id = 11433

;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0

;; ra = 0 ad = 0 cd = 0 rcode = NOERROR

;; qdcount = 1 ancount = 1 nscount = 0 arcount = 0

Maximum reply length as advertosed in EDNS from 217.237.149.139:28864: 512

Writing response - done

Waiting for connections...

UDP connection from 217.237.149.139:50086 to 0.0.0.0

query 42994: (2193-15449.id-13401.down.dns.tunnel.domain.co.cc, IN, TXT) -

2193-15449.id-13401.down.dns.tunnel.domain.co.cc. 0 IN TXT "Hi: Wed Jan 13 05:09:23 UTC 2010"

NOERROR

;; id = 42994

;; qr = 1 opcode = QUERY aa = 1 tc = 0 rd = 0

;; ra = 0 ad = 0 cd = 0 rcode = NOERROR

;; qdcount = 1 ancount = 1 nscount = 0 arcount = 0

Maximum reply length as advertosed in EDNS from 217.237.149.139:50086: 512

And the red Parts keep changing until i press ctrl C on my client.

The IP: 217.237.149.139 is the DNS Server from my ISP.

Ayone an idea??

Would be realy great!

Sorry for my bad english!

Edited April 27, 2010 by carloss

[Joe Schmoe]

check out the following links, this is much easier to configure.

http://linux.die.net/man/8/iodine

http://dev.kryo.se/iodine/

[mubix]

check out the following links, this is much easier to configure.

http://linux.die.net/man/8/iodine

http://dev.kryo.se/iodine/

How's your experience been with Iodine? I've found Ozyman a bit more stable, but ya, definitely Iodine is easier.

[Skinner]

I've had the ozyman-mod working but it is SLOOOWW (like 0.5k/sec).

I know that ppl have said it would be slow but is that normal? I get timeouts with it all the time , esp with sites containing dynamic content.

Tried from a couple of hotels and my own links which are quite fast so it's not line speed.

Because it's a cname I suppose the parent dns (godaddy) could be rate limiting queries I suppose.

Sk

[Oni]

I've been having a lot of trouble with this and I can't see why it wont work, save for some outside intervention.\\

Ive setup on my external Nameserver running box: subethanet.mydomain.com NS -> mydomain.dyndns.org

Now, I can see this is working fine as I run wireshark on mydomain.dyndns.org and I can see all the DNS requests arriving on port 53 for subethanet.mydomain.com. So you'd think that'd be it?

Sadly, I cant seem to do anything with these requests. I've tried both Ozymandns and the dnstunneld script (the updated Ozymandns) and I have little luck. Neither seem to do anything with the packets. I did try dnsspoof and that at least heard the requests (it printed the A requests I was sending from the 'host' lookup i was doing) but it wouldnt send replies either.

So im a little stumped. I can see that port 53 is open as i've nmap'd from another server outside my home network and that seems good too. Totally stumped :S

[Oni]

Ok, so heres the setup I have that doesn't quite seem to work

DNS Setup on mydomain.com

Name Server Subdomain

myserver.dyndns.com dnstunnel.mydomain.com

on my box at home:

myserver.dyndns.com settings

DNSHOST="dnstunnel.mydomain.com" # change this to your DNS name

REPLYIP="127.0.0.1" # what to answer on real DNS requests

OPTIONS="" # give additional options here

DNSTUNNELD="/opt/dnstunnel/dnstunneld" # the server script

/etc/init.d/dnstunneld start

On the client box

ssh -C -o ProxyCommand="dnstunnelc -v sshdns.dnstunnel.mydomain.com" root@localhost

Resolving through:

Up: 192.168.1.254

Down: 192.168.1.254

ssh -D 8000 -N -C -o ProxyCommand="dnstunnelc sshdns.dnstunnel.mydomain.com" root@localhost

(this command just sits there... probably doing it's proxy thing)

I then setup firefox to do its test thing

I should point out my server is behind my NAT which has 53 open on the access box

Back on the Server

So the packets are arriving but they simply arent being forwarded properly and there is no return.

Im following the instructions given at http://www.splitbrain.org/blog/2008-11/02-...ing_made_simple

Edited April 24, 2010 by Oni

[Oni]

Should point out that it appears that dnstunneld is bound to *.*:53 according to netstat on my little server box so clearly the resolution is working.

host mytunnel.mydomain.com doesnt return anything and times out but the packets still arrive so dnstunneld isn't doing basic DNS replies either. Something must be wrong with the way i've setup dnstunneld

[C-S-B]

How's your experience been with Iodine? I've found Ozyman a bit more stable, but ya, definitely Iodine is easier.

I run Iodine on my WRT54g and have successfully tunnelled from netbook and N900. I had to set a lower mtu to get an ssh connection.

Not had any trouble yet but I don't use it all that frequently with HSPDA access being much faster.

[Oni]

I think I might have cracked it.... moblock!

I was running moblock and never released it was blocking my linode as it tends to be silent or at least, silentish.

I really REALLY need to get a cool app to do logging. With moblock off I can at least get DNS to reply and play nice.