Home Forums DNS tunneling is unsecure ? iodine

This topic contains 1 reply, has 2 voices, and was last updated by  9sha 1 month ago.

  • Author
    Posts
  • #444063

    brohermano
    Member

    Hi there,

    I was just gonna try to establish a DNS tunnel connection point from a server, just for fun and see what I really get.
    I have taken a look to the following tutorial
    https://medium.com/@galolbardes/learn-how-easy-is-to-bypass-firewalls-using-dns-tunneling-and-also-how-to-block-it-3ed652f4a000
    That take us to the tool `iodine`
    https://github.com/yarrick/iodine

    As far as I could see , there is no keys or certificates to be established in this connection , so my main concern is , if I were to “serve” a connection via `iodine` , that connection can be accessed through literally any host over the internet, so someone could probe this and hack into my server.

    Am I right or I’m missing the point on how this service work?

    Has anyone tried it?

    Any thoughts?

    Thank you!

  • #444064

    9sha

    someone would have to find it, and know its iodine to use it. if you were concerned you could firewall off.

  • #444065

    networkalchemy

    I use it in pen testing when I can’t get out of the network, say to grab an exploit of something.

    I add it as a finding too. Because 1. They really shouldn’t allow it
    2. They 99.9999% sure are not monitoring it

You must be logged in to reply to this topic.