A couple of days ago, we did some presentations about DNS at a FOSS NTUA meeting.

I prepared a presentation about DNS tunneling and how to bypass Captive Portals at Wifi Hotspots, which require authentication.
(We want to do another presentation, to test ICMP/ping tunnel too ;)).

I had blogged on that topic some time ago.
It was about time for a test-drive. :P

I set up iodine, a DNS tunneling server(and client), and I was ready to test it, since I would be travelling with Minoan Lines the next day.

I first did some tests from my home 24Mbps ADSL connection, and the results weren’t very encouraging. Although the tunnel did work, and I could route all of my traffic through the DNS tunnel, and over a second OpenVPN secure tunnel, bandwidth dropped to ~30Kbps, when using the NTUA FTP Server, through the DNS tunnel.
(The tunnel also worked with the NTUA Wifi Captive Portal, although at first we had some ‘technical issues’, ie I hadn’t set up NAT on the server to masquarade and forward the traffic coming from the tunnel :P).

The problem is that the bandwidth of the Minoan Lines(actually Forthnet ‘runs’ it afaik) Wifi(not inside the ‘local’ network of course) was ~30Kbps(terrible, I know), without using DNS tunneling. So, I wasn’t very optimistic. (I think they have some satelite connection, or something like that from the Wifi to the Internet).

When I was on the ship, I tried to test it. At first, I encountered another technical issue(the local DNS had an IP inside the Wifi local network, and due to NAT the IP our server was ‘seeing’, was different than the IP of the DNS packets, so we had to run iodined with the -c flag). Luckily, FOSS NTUA members(who had root access on the computer running iodined) are 1337 and fixed that in no time. :P

And at last, I had a ‘working’ DNS tunnel, but with extremely high ping times(2sec RTT) to the other end of the tunnel, and when I tried to route all traffic through the tunnel I had a ridiculous 22sec RTT to ntua.gr. Of course even browsing the Web was impossible, since all the HTTP requests timed out before an answer could reach my laptop. :P

However, because I am a Forthnet customer(for my ADSL connection), I was able to use my Username/Password of my home ADSL connection, and have free access to the Internet, from their hotspot(with the amaing bandwidth of ~30Kbps :P). At least they do the authentication over SSL. :P

Although DNS tunneling didn’t really work in this case(the tunnel itself worked, but due to the bandwidth being so low, I didn’t have a ‘usable’ connection to the Internet), I think that in other hotspots, which provide better bandwidth/connection, it can be a very effective way to bypass the authentication and use them for free. ;)

Probably, there’ll be a Part 3, with results from bandwidth benchmarks inside the NTUA Wifi, and maybe some ICMP tunneling stuff.

Cheers! :)

So, only for Greeks, or people from other countries, who have travelled with Minoan Lines… :P

If you have ever travelled from Athens to Heraklion(or vice-versa :P) with a Minoan Lines ship, mabye you’ll notice that there’s a Wifi Hotspot, owned by Forthnet. If you try to use it, you’ll be presented with a Captive Portal.

In order to get access to the Internet, you have to pay some money(extremely overpriced, concidering the speed/bandwidth, although … you are in a ship :P).

I suppose Forthnet has many other hotspots, like this one, and I guess the prices are pretty much the same. Unless you are already a Forthnet customer(like I am). Then, you have free access.

But, even if you are a Forthnet customer, I think it’s fun! to find out if/how you can bypass this captive portal.

A month ago, I was travelling to Crete, so I tried some things, but everything phailed. :P

So, I googled a bit, and I found some interesting things.

Apparently, the best, if not the only, way to bypass the captive portal is DNS Tunneling.

However, the connection was awful, so SSHing to my server, and setting up the “customized” DNS server, was impossible.

So, I did all the preperations(DNS server modifications, etc…) while I was in Crete, and hoped I could test it when I’d travel back to Athens.

But, the Wifi Hotspot(specifically the Captive Portal “server” I think) was ‘down’, when I was travelling, so I couldn’t test DNS tunelling.

Maybe, next time.

Anyway, if anyone has tried it, let me know.

Although I think the bandwidth/speed will be terrible, considering the DNS tunelling overhead.

Btw, tricks like MAC/IP spoofing, ARP poisoning, hacking a poor Windoze unpatched user(etc etc), and setting up a NAT, are out of the question, since I wanted to ‘hack’ the hotspot/portal, and not the (l)users. :P

Ch(b)eers!

(to the hotspot admins! :P)

Follow

Get every new post delivered to your Inbox.

Join 276 other followers