• Status: Solved

DNS Tunneling

I was reading about something called DNS tunneling and how it can be used to get past hotspot pay points. In theory I would assume that this would also allow you to bypass content filters. Is there any way to prevent this? I have been battling with this type of stuff for years with students using proxies to bypass our content filter and it would be nice to nip this problem once and for all.
Asked by: thebradnetwork
 
Dave Howe commented:
I wouldn't worry too much about it - DNS queries are low bandwidth, and really you shouldn't be allowing any sort of query to external resolvers without them first paying for access (most pay2play access point systems respond to *any* DNS query with the IP for the pay2play login/payment screen until the MAC is authorized).

More troublesome are setups where people clone someone else's MAC and IP (who has paid) and then continue to use their credits once they have signed off and gone somewhere else - I have seen "ghost" bills from this where someone has been billed hundreds of dollars for access over a period of hours or days when he can prove that he and his laptop were on the other side of an ocean...
 
Hugh Fraser (Consultant) commented:
DNS tunnelling usually refers to the use of DNS traffic for a covert channel. It uses DNS requests, usually text records, to communicate with a remote server listening on the DNS port. This isn't typically the way web content filters are bypassed. But it's an effective (and old) technique. Detecting it usually involves an IDS that watches for unusual volumes or patterns in DNS traffic.

The usual way content filters are bypassed is through an anonymizer. Is this what you're referring to?
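
One way to implement the detection described in the comment above (watching for unusual volumes or patterns in DNS traffic). This is an added example, not part of the original thread; the log format, the thresholds, the function names and the sample traffic are all constructed assumptions.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values())

def parse(line):
    """Constructed log format for this example: '<client_ip> <qtype> <qname>'."""
    client, qtype, qname = line.split()
    labels = qname.rstrip(".").lower().split(".")
    # Assumption: last two labels = registered domain (real code: Public Suffix List).
    return client, qtype, ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnels(lines, min_queries=20, min_hits=2):
    """Return {(client, domain): [reasons]}; thresholds are illustrative assumptions."""
    groups = defaultdict(list)
    for line in lines:
        client, qtype, sub, domain = parse(line)
        groups[(client, domain)].append((qtype, sub))
    flagged = {}
    for key, queries in groups.items():
        if len(queries) < min_queries:      # volume gate: ignore low-rate pairs
            continue
        subs = [sub for _, sub in queries]
        checks = {
            "unique_subdomains": len(set(subs)) / len(subs) > 0.8,
            "long_names": sum(map(len, subs)) / len(subs) > 30,
            "high_entropy": sum(entropy(s) for s in subs if s) / len(subs) > 3.5,
            "txt_heavy": sum(q == "TXT" for q, _ in queries) / len(queries) > 0.5,
        }
        reasons = [name for name, hit in checks.items() if hit]
        if len(reasons) >= min_hits:        # require agreement between heuristics
            flagged[key] = reasons
    return flagged

def sample_log():
    """Constructed sample traffic: one tunnel-like client and two benign ones."""
    lines = []
    for i in range(40):   # encoded data carried in the query name
        chunk = base64.b32encode(hashlib.sha256(str(i).encode()).digest()[:25])
        lines.append(f"10.0.0.7 TXT {chunk.decode().lower()}.t.example.net")
    for i in range(30):   # ordinary browsing: few distinct, short names
        lines.append(f"10.0.0.8 A {('www', 'mail', 'cdn')[i % 3]}.example.com")
    lines += ["10.0.0.9 TXT _dmarc.example.org"] * 25   # TXT-heavy but benign
    return lines

if __name__ == "__main__":
    print(find_tunnels(sample_log()))
```

Requiring two heuristics to agree keeps the TXT-heavy mail server in the sample from being flagged on record type alone.
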
 
Dave Howe commented:
Most content filters explicitly list the known anonymizing proxies - there are exceptions of course...
 
Hugh Fraser (Consultant) commented:
Sure. But if you're going through the trouble of establishing a DNS tunnelling server to surf the net, I'd be inclined instead to set up my own HTTP proxy. Better bandwidth I'd expect, and a lot more straightforward.

My question was just to make sure I understand what the issue is before trying to provide solutions.