[p2p-hackers] ICMP tunneling

David Barrett dbarrett at quinthar.com
Fri Jun 16 19:26:12 UTC 2006

Damn, that partyline application sounds tricky.  Very clever.

> -----Original Message-----
> From: p2p-hackers-bounces at zgp.org [mailto:p2p-hackers-bounces at zgp.org] On
> Behalf Of coderman
> Sent: Friday, June 16, 2006 10:14 AM
> To: Peer-to-peer development.
> Subject: Re: [p2p-hackers] ICMP tunneling
> On 6/16/06, Travis Kalanick <travis at redswoosh.net> wrote:
> > ...
> > It got me to thinking about ICMP tunneling around these wireless "toll
> > booths" so I could travel Asia and even the states without having to
> > communicate over those popular ports that cost money to communicate
> over.
> depending on how the captive portal is setup i've had luck using an
> openvpn connection in UDP mode to port 53 to a server i run at home or
> elsewhere.  obviously that means you can't run DNS on this host too.
> if the portal is setup properly (that is, they provide a DNS server
> and restrict all lookups to this endpoint) then you would have to use
> a more inefficient Kaminsky style DNS tunnel.
> the problem with using ICMP (which otherwise might work well) is how
> frequently it gets dropped or filtered, especially if you try sending
> large payloads in ping packets for example.  this would be a fun
> experiment.
> there was also a very NOT legal utility released last year at defcon
> (i think it was called "partyline" but i can't find it anymore) that
> would sniff for authenticated users who paid for service, set your
> wireless MAC to match, and then use a UDP openvpn tunnel for transport
> on their session without kicking them off or causing problems (like
> the TCP stack does when two hosts are sharing an IP/MAC).
> and last, it's not really applicable to your situation but there is
> even a covert tunnel utility using tun/tap devices that performs raw
> packet injection of specific types of 802.11 control/mgmt packets that
> are always responded to so that two clients could use a WISP tower AP
> for backhaul for example.
> i'd be curious to know if you have much luck, or if anyone else on the
> list is aware of other tunneling applications/methods.  this always
> reminded me of NAT busting to some degree, and i expect over time a
> good p2p toolkit will include all sorts of such features for
> internetworking across various transports and environments.
> _______________________________________________
> p2p-hackers mailing list
> p2p-hackers at zgp.org
> http://zgp.org/mailman/listinfo/p2p-hackers
> _______________________________________________
> Here is a web page listing P2P Conferences:
> http://www.neurogrid.net/twiki/bin/view/Main/PeerToPeerConferences

More information about the P2p-hackers mailing list