random dns queries with random sources

Tempest tempestterror at gmail.com
Wed Feb 19 16:38:03 UTC 2014


Or if you tell your bots to use a set of open resolvers, it helps hide them
by a step.


On Wed, Feb 19, 2014 at 8:32 AM, Simon Perreault <
simon.perreault at viagenie.ca> wrote:

> Le 2014-02-19 11:28, Dobbins, Roland a écrit :
> >> I am late to this train, but it appears no one else has brought this
> up.  It is a DNS tunneling setup, not an attack.
> >
> > This makes a lot of sense - good insight, will look into this further!
>
> I use this for free wi-fi in airports and such:
>
> http://code.kryo.se/iodine/
>
> If the wi-fi is configured to use an open resolver, we end up with the
> situation you describe.
>
> Simon
> --
> DTN made easy, lean, and smart --> http://postellation.viagenie.ca
> NAT64/DNS64 open-source        --> http://ecdysis.viagenie.ca
> STUN/TURN server               --> http://numb.viagenie.ca
>
>


More information about the NANOG mailing list