iodine (IP over DNS tunnel)

user-pic
Vote 0 Votes

iodine 可以透過 DNS Server 來建立 IP tunnel
它可以把 traffic 封裝成一般的 DNS 封包 (query and response)

Linux Server
run: ./iodined -f 10.0.0.1 test.asdf
Enter a password

Linux Client
run: ./iodine -f 192.168.0.1 test.asdf (Replace 192.168.0.1 with the server's ip address)
Enter the same password

正常的話 Client 端應該就會取得 10.0.0.2 (dns0), 可以 ping 得到 Server 端 10.0.0.1
# ifconfig dns0
dns0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.0.0.2 P-t-P:10.0.0.2 Mask:255.255.255.0
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1130 Metric:1
RX packets:20 errors:0 dropped:0 overruns:0 frame:0
TX packets:19 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:1352 (1.3 KiB) TX bytes:1332 (1.3 KiB)

# ping -c5 10.0.0.1
PING 10.0.0.1 (10.0.0.1) 56(84) bytes of data.
64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=2.56 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=2.54 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=2.55 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=2.50 ms
64 bytes from 10.0.0.1: icmp_seq=5 ttl=64 time=2.62 ms

--- 10.0.0.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 2.504/2.556/2.621/0.037 ms

其中 test.asdf 是 Domain, 若 Client 端是直連 Server 端, 這個 Domain 可任意取名,
若 Client 端是透過其他 DNS 再 Relay 過來, 這個 Domain 必需合法, 而且執行 iodined 的 Server 端需被 NS 指向
有些 DNS Server 會有 rate limit 以降低被攻擊時的傷害程度, 像這些有保護的 DNS Server 就無法用來建立 tunnel
若是使用 Win32 版本, 需先裝 OpenVPN, 它會建立一個 TAP 區域連線

Leave a comment

About this Entry

This page contains a single entry by Pank published on July 21, 2013 11:57 PM.

Genymotion was the previous entry in this blog.

Using ffmpeg to trim MP3 is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.

Monthly Archives