[tor-bugs] #15213 [Pluggable transport]: DNS tunneling transport (like iodine, dnscat)

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Mar 10 23:00:15 UTC 2015


#15213: DNS tunneling transport (like iodine, dnscat)
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  asn
  federico3              |     Status:  new
         Type:           |  Milestone:
  enhancement            |    Version:
     Priority:  normal   |   Keywords:  DNS iodine tor tunneling ideas hard
    Component:           |  Parent ID:
  Pluggable transport    |
   Resolution:           |
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by yawning):

 Replying to [comment:4 dcf]:
 > But! There are many use cases and threat models. A DNS-based transport
 might be nice to get out from behind a wi-fi captive portal, for example,
 even if it is vulnerable to a nation-level censor. I would find it
 valuable to have a DNS tunnel into Tor that I can configure with only a
 bridge line, as opposed to setting up a tun device or whatever, which I
 have always found difficult.

 Sure.  And it'll be fun to write.  Not sure how many of the captive portal
 implementations out there don't do DNS hijacking currently, so it's
 probably more usable than the existing literature would suggest.

 > DNS could also be interesting for rendezvous (like flash proxy) or for
 dynamically fetching bridge addresses.

 I would be fully interested and supportive of these sort of use situations
 since it's less blatant when used as an extremely low volume covert
 channel, and we are looking into auto-bridge distribution.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15213#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list