The DNS Hole: simple, and seemingly everywhere
You know what DNS is. It might be the glue of the internet. Commonly using 53/udp, and when needed, 53/tcp, this service is the most used across the entire internet. Likewise, security on this service is somewhat... lax. I don't mean in terms of who can talk to a server, I mean something a little more... subtle.
Some months ago, a friend and I went down to UVSC for a TSA competition. It was over their spring break, so no students were there. He brought his Gentoo laptop, plugged into an Ethernet jack, and fired up a browser.
Only to be greeted with a login page.
Thus, the quest to get internet on said laptop ensued. After asking UVSC staff, they said that we needed to get the laptop scanned for viruses before such a login would be granted. That alone gave us a few laughs ("I'd like to see them install SpyBot on Linux!"), but in the end, that department was closed. Likewise, after asking around a bit more, we found that no username and password would be provided. We'd have to enroll and be a student in order to get internet, as depressing as that is.
That wasn't what we had in mind, so we plugged in and began poking.
Outbound ICMP, blocked. Outbound TCP... redirected to an HTTP login page. Proxy? Also redirected. UDP? Blocked.
So we reconfigured the DNS server to a remote one. The DNS request went on through, even though we were still met with the login page.
OpenVPN + SSL cert over 53/udp to a remote host in Texas connected to a 100 Mbit line.
I'd love to see a statistical breakdown of internet traffic that day. It's not often that DNS traffic will be over a few megabytes of traffic a day, let alone 3MB/sec of traffic for several minutes on end. The end result of this can be seen here. It was a fun experience.
So why do I bring this up now? Because I'm stuck at a family reunion right now, up at Cherry Hill, with a wifi access point that wants $7 for a day.
I love DNS.
EDIT: Apologies for the mass of edits, this post was written on my Zaurus keyboard while at Cherry Hill. This post might have been filled with typos, and still probably is.
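
The traffic pattern described above (port 53 reaching an outside server, followed by minutes of multi-megabyte-per-second traffic on the DNS port) is something flow data can surface. An added example, not part of the original post: a Python check over constructed flow records, where the record layout, resolver allow-list, addresses and thresholds are all assumptions.

```python
from collections import defaultdict

# Assumed values, not from the post: resolver allow-list and thresholds.
APPROVED_RESOLVERS = {"10.0.0.53"}   # hypothetical campus resolver
MAX_BYTES_PER_MIN = 1_000_000        # hypothetical per-client ceiling on port 53
MIN_SUSTAINED_MINUTES = 3            # consecutive minutes above the ceiling

T0 = 1_700_000_040  # constructed start time
# Constructed flow records: (epoch_seconds, src, dst, proto, dst_port, bytes)
SAMPLE_FLOWS = (
    [(T0 + 30 * i, "10.1.1.20", "10.0.0.53", "udp", 53, 180) for i in range(8)]
    + [(T0 + 45 * i, "10.1.1.30", "198.51.100.1", "udp", 53, 220) for i in range(5)]
    + [(T0 + s, "10.1.1.77", "203.0.113.10", "udp", 53, 3_000_000) for s in range(240)]
    + [(T0 + 5, "10.1.1.20", "192.0.2.8", "tcp", 443, 50_000_000)]  # not DNS, ignored
)

def longest_run(minutes):
    """Length of the longest run of consecutive integers in `minutes`."""
    best = run = 0
    prev = None
    for m in sorted(minutes):
        run = run + 1 if prev is not None and m == prev + 1 else 1
        best = max(best, run)
        prev = m
    return best

def find_dns_anomalies(flows):
    """Map each client to the reasons its port-53 traffic looks unlike DNS."""
    per_min = defaultdict(lambda: defaultdict(int))  # src -> minute -> bytes
    findings = defaultdict(set)
    for ts, src, dst, proto, dport, nbytes in flows:
        if dport != 53 or proto not in ("udp", "tcp"):
            continue
        # Port 53 to anything but the sanctioned resolver is worth a look.
        if dst not in APPROVED_RESOLVERS:
            findings[src].add("unapproved_resolver:" + dst)
        per_min[src][ts // 60] += nbytes
    for src, buckets in per_min.items():
        # Ordinary lookups are small; minutes of heavy volume are not lookups.
        hot = [m for m, total in buckets.items() if total > MAX_BYTES_PER_MIN]
        if longest_run(hot) >= MIN_SUSTAINED_MINUTES:
            findings[src].add("sustained_volume")
    return dict(findings)

if __name__ == "__main__":
    for src, reasons in sorted(find_dns_anomalies(SAMPLE_FLOWS).items()):
        print(src, sorted(reasons))
```

Volume is only one signal: a gateway that lets unauthenticated clients reach only its own resolver on port 53 closes the direct path shown in the post before any traffic accumulates.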
