[Unbound-users] Captive portal question
ondrej at sury.org
Fri Apr 23 12:25:24 UTC 2010
Isn't it easier to mess with tcp than to mess with dns? It's just a few
lines in your firewall configuration.
On 23.4.2010, at 12:23, Tim Kindberg <tim at matter2media.com> wrote:
> Thanks for pointing out a potential problem but obviously I wouldn't
> have suggested this if I was aware of an attack.
> If I've understood it correctly, to be useful DNS tunnelling is
> carried out to a DNS server under the attacker's control. It's not
> clear to me how they could do that. Say the attacker controls a DNS
> server at example4.org. Assuming the scheme that I have defined
> (1-3 in my original message) works, then when the attacker tries to
> resolve example4.org, the request will be CNAMEd to example3.org,
> which I control.
> So please explain what I am missing.
> I'd also appreciate an answer to my original question :-). I'm
> sorry if I'm being dense but I'm new to all of these configuration
> Sven Ulland wrote:
>> On 2010-04-23 08:25, Tim Kindberg wrote:
>>> 1. traffic to example1.org is to be resolved normally, i.e.
>>> ultimately by the DNS server on the internet that the captive
>>> portal machine knows about
>> In other words, DNS tunnelling will work without restriction. Thanks
>> for keeping this classic loophole available for the few that care to
>> use it. Yes, I'm being sincere.
>> Unbound-users mailing list
>> Unbound-users at unbound.net
> Tim Kindberg
> Matter 2 Media Ltd
> w: matter2media.com
> e: tim at matter2media.com
> m: +44 (0)7954 582814
> t: +44 (0)117 9095221