Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?

Submission + - IP over DNS tunneling has evolved ( writes: "Twelve years ago, the first Slashdot article about the IP over DNS technology was published:

In those times, there was only one publicly available IP over DNS client: NSTX, targeting Unix-like operating systems only, cited in the article.

Today, you will find at least 9 software packages for this purpose: VPN-over-DNS, Iodine, Element53, MagicTunnel, Heyoka, Dns2tcp, NSTX, OzymanDNS and DNScat, making the technology available for Android, Mac OS X, Windows, Linux and Unix-like platforms. The only general-purpose operating system that does not support this technology is iOS: even if you can find some VPN clients for iOS (mainly IPsec, PPTP and VPN over SSL clients), only major VPN technology vendors, like Cisco, can afford to publish one: publishing an application that can make use of iOS low-layer networking protocols needs you to establish an agreement with Apple. Not so easy...

The interesting thing about this technology is that it lets you by-pass the captive portal on any public Wi-Fi network: an easy way to connect to the Internet without having to sign in with your credit card. Maybe not legal.

The strange thing is that even if, for many years, Next Generation Firewalls that can filter such tunnels are available (they correlate queries and filter only those used to tunnel data), you can try nowadays some of the previously listed tools on public Wi-Fi HotSpots with captive portals (hostels, train stations, airports...) and you will see that no one of these firewalls has been deployed on those networks!

A public forum about IP over DNS is available at"

This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

IP over DNS tunneling has evolved

Comments Filter:

Marvelous! The super-user's going to boot me! What a finely tuned response to the situation!