Home Forums DNS tunneling is unsecure ? iodine

This topic contains 1 reply, has 2 voices, and was last updated by  9sha 1 month ago.

  • Author
  • #444063


    Hi there,

    I was just gonna try to establish a DNS tunnel connection point from a server, just for fun and see what I really get.
    I have taken a look to the following tutorial
    That take us to the tool `iodine`

    As far as I could see , there is no keys or certificates to be established in this connection , so my main concern is , if I were to “serve” a connection via `iodine` , that connection can be accessed through literally any host over the internet, so someone could probe this and hack into my server.

    Am I right or I’m missing the point on how this service work?

    Has anyone tried it?

    Any thoughts?

    Thank you!

  • #444064


    someone would have to find it, and know its iodine to use it. if you were concerned you could firewall off.

  • #444065


    I use it in pen testing when I can’t get out of the network, say to grab an exploit of something.

    I add it as a finding too. Because 1. They really shouldn’t allow it
    2. They 99.9999% sure are not monitoring it

You must be logged in to reply to this topic.