Monthly Archives: August 2011

DNS query over SSH tunnel

Posted by dgoulet on August 21, 2011 1 comment

I’ll explain here how to redirect every DNS query your Linux system does through an SSH tunnel. I’ll be using this *wonderful* tool to make that trick:

socat (http://www.dest-unreach.org/socat/)

$ sudo apt-get install socat

Screw yum and … worst! pacman :P (hw :*)

You’ll need an endpoint (server side) where your DNS queries will be rerouted. This will be the SSH tunnel endpoint. Now, how to do it:

Client Side

Start this command in the background. You can either use an init script or /etc/rc.local or whatever mechanism you like.

$ sudo socat udp-recvfrom:53,reuseaddr,bind=127.0.0.1,fork tcp:127.0.0.1:5377

So, we create an UDP socket on 127.0.0.1:53 (this is why you need root access), magically transform all traffic to TCP and sending it to 127.0.0.1:5377. This port (5377) can be whatever you want over 1024. It’s the local port of your SSH tunnel. Easy, UDP->TCP with a one liner :).

Then, start your SSH tunnel (-f -N makes SSH go to background and not execute remote command):

$ ssh -f -N -L 5377:localhost:5377 <server_addr>

Server Side

On your remote endpoint, simply redirect the TCP packet to a normal UDP datagram that will be sent to a DNS server:

$ sudo socat tcp4-listen:5377,reuseaddr,fork,backlog=50,bind=127.0.0.1 UDP:8.8.8.8:53

The example above is redirecting it to the famous Google DNS at 8.8.8.8. Feel free to use whatever DNS server you want.

The backlog=50 option is the size of listen(2) queue. Here 50. When you have thunderbird starting with 6 RSS feeds and 7 email accounts, trust me, there is a LOT of DNS queries sent through this tunnel.

Finally, change your /etc/resolv.conf. Put nameserver 127.0.0.1

Voilà!

Linux DNS query over TCP

I made a bit of research on how to make a Linux box use TCP instead of UDP for DNS resolution. The res_init() function (see resolver(5)) is part of the libc resolv component and reads the configuration file resolv.conf(5) to get default domain name, search order, name server address(es) and various options.

With the libc 2.14+, the RES_USEVC option support is added to res_init(). Just add options use-vc to the resolv.conf(5) file and TCP will be used by default for the entire system.

From there, it’s easier to reroute DNS traffic.

$ sudo ssh -f -N -L 53:8.8.8.8:53 <server_addr>

Cheers!

FIN
David

CCC media – Camp 2011

Posted by dgoulet on August 17, 2011 No comments

CCC is now over for 2011. Lectures recordings were posted online at:

http://media.ccc.de/browse/conferences/camp2011/

Here’s a link to Dan Kaminsky’s talk. “Rien pour faire sauter une braguette, mais très divertissant”

Black Ops of TCP/IP – Dan Kaminsky

FIN

David

Tool Release – Tachyon

Posted by initnull on August 15, 2011 No comments

Being fed up of manually checking target hosts for “forgotten files”, I decided to put up a small tool that would be very fast and dedicated only to this task.

Tachyon is a Fast Multi-Threaded Web Discovery Tool written in python that provides:

- Plugins support
- SSL support
- Tor support (trough privoxy) (TODO)
- Robots.txt support
- Common directory lookup
- Fast Multi-Threaded execution

The Tor support is still not working but it shouldn’t take too much time before it’s added.

Feel free to contribute and add your own targets:

https://github.com/initnull/tachyon

CISSP Groupies

Montréal computer security sect