DNS Tunneling

I was reading about something called DNS tunneling and how it can be used to get past hotspot pay points. In theory I would assume that this would also allow you to bypass content filters. Is there any way to prevent this? I have been battling with this type of stuff for years with students using proxies to bypass our content filter and it would be nice to nip this problem once and for all.
thebradnetwork Asked:
 
Dave Howe (Software and Hardware Engineer) Commented:
Most content filters explicitly list the known anonymizing proxies - there are exceptions of course...
0
 
Dave Howe (Software and Hardware Engineer) Commented:
I wouldn't worry too much about it - DNS queries are low bandwidth, and really you shouldn't be allowing any sort of query to external resolvers without them first paying for access (most pay2play access point systems respond to *any* DNS query with the IP for the pay2play login/payment screen until the MAC is authorized).

More troublesome are setups where people clone someone else's MAC and IP (who has paid) and then continue to use their credits once they have signed off and gone somewhere else - I have seen "ghost" bills from this where someone has been billed hundreds of dollars for access over a period of hours or days when he can prove that he and his laptop were on the other side of an ocean....
0
 
Hugh Fraser (Consultant) Commented:
DNS tunnelling usually refers to the use of DNS traffic for a covert channel. It uses DNS requests, usually text records, to communicate with a remote server listening on the DNS port. This isn't typically the way web content filters are bypassed. But it's an effective (and old) technique. Detecting it usually involves an IDS that watches for unusual volumes or patterns in DNS traffic.

The usual way content filters are bypassed is through an anonymizer. Is this what you're referring to?
0
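The kind of pattern check the comment above attributes to an IDS, sketched as an added example that is not part of the original thread: it groups DNS queries by client and base domain and flags pairs with many distinct, long, high-entropy subdomains. The thresholds, the function names and the sample log (RFC 1918 addresses, reserved example domains) are assumptions constructed for illustration.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(text):
    """Bits per character; encoded payloads score higher than ordinary hostnames."""
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def split_name(qname):
    """Return (subdomain, base domain). Assumption: the base is the last two
    labels; production code should consult the Public Suffix List instead."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_suspects(queries, min_unique=5, min_avg_len=24, min_entropy=3.5):
    """Flag (client, base domain) pairs whose query names look like encoded data."""
    subs, txt = defaultdict(set), Counter()
    for client, qtype, qname in queries:
        sub, base = split_name(qname)
        if sub:
            subs[(client, base)].add(sub)
            txt[(client, base)] += qtype == "TXT"
    suspects = []
    for (client, base), names in subs.items():
        avg_len = sum(map(len, names)) / len(names)
        avg_ent = sum(shannon_entropy(n.replace(".", "")) for n in names) / len(names)
        if len(names) >= min_unique and avg_len >= min_avg_len and avg_ent >= min_entropy:
            suspects.append({"client": client, "domain": base, "unique_names": len(names),
                             "txt_queries": txt[(client, base)],
                             "avg_len": round(avg_len, 1), "avg_entropy": round(avg_ent, 2)})
    return suspects

def build_sample_log():
    """Constructed sample queries (client, type, name); not real traffic."""
    log = [("10.0.0.5", "A", "www.example.com"), ("10.0.0.5", "A", "mail.example.com"),
           ("10.0.0.7", "A", "www.example.org"), ("10.0.0.7", "AAAA", "static.example.org")]
    for i in range(8):  # eight distinct base32 labels stand in for encoded payload chunks
        digest = hashlib.sha256(str(i).encode()).digest()[:20]
        label = base64.b32encode(digest).decode().lower()
        log.append(("10.0.0.9", "TXT", f"{label}.t.example.net"))
    return log

if __name__ == "__main__":
    for hit in find_tunnel_suspects(build_sample_log()):
        print(hit)
```

On real resolver logs the thresholds need tuning against a baseline, since some CDNs and security products also generate long machine-made names.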
 
Hugh Fraser (Consultant) Commented:
Sure. But if you're going through the trouble of establishing a DNS tunnelling server to surf the net, I'd be inclined instead to set up my own HTTP proxy. Better bandwidth I'd expect, and a lot more straightforward.

My question was just to make sure I understand what the issue is before trying to provide solutions.
0
Question has a verified solution.
