Changes between Version 14 and Version 15 of TipsAndTricks


Timestamp:
10/31/12 22:43:49
Author:
yarrick
Comment:

--

  • TipsAndTricks

    1212The hex string is your subdomain in network byte order, and can be found by inspecting your iodine traffic with {{{tcpdump(8)}}}. See more here [http://www.wormnet.eu/dns/vpn] 
    1313 
    14 The above practice doesn't allow raw logins, as the raw traffic packets do not contain the DNS subdomain - but they still contain static bytes that can be used to match against. 
    15 Because the two static strings enclose variable data, you must match two different parts of the DNS packet. This can be accomplished using route marking: 
     14The 'raw mode' does not use DNS, just the same port, so it will not contain the domain name. But it starts with a static 3 byte header which can be used: 
     15{{{ 
     16iptables -t nat -A PREROUTING -p udp --dport 53 -m string --algo bm --from 0 --hex-string "|10d19e|" -j REDIRECT --to-ports 5353 
     17}}} 
    1618 
    17 {{{ 
    18 iptables -t mangle -A PREROUTING -p udp --dport 53 -m string --algo bm --from 0 --hex-string "|45000030|" -j MARK --or-mark 2 
    19 iptables -t mangle -A PREROUTING -p udp --dport 53 -m string --algo bm --from 12 --hex-string "|50437506|" -j MARK --or-mark 1 
    20 iptables -t nat -A PREROUTING -p udp --dport 53 -m mark --mark 0x3 -j REDIRECT --to-ports 5353 
    21 }}} 
    2219 
    2320=== Running iodine behind BIND9 ===
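Review bot: the replacement nat rule searches for the 3-byte sequence `|10d19e|` anywhere in the packet (`--from 0` with no `--to`), so any legitimate DNS query on port 53 whose name or payload happens to contain those three bytes is also redirected to port 5353. The removed rules were tighter in two ways: they matched `|45000030|` at the very start of the packet, which shows that string-match offsets count from the IP header, and they required both a header and a payload match before redirecting. Since the new text states the raw header sits at the start of the packet's payload, pin the match there with a bounded window, for example `--from 28 --to 31` for IPv4 without options, instead of the unbounded `--from 0`, and say in the wiki text that the rule only fires on the fixed header position.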