How to stop DNS & ICMP Tunneling exploit



  • I desire to prevent, or nominalize, exploit Tunneling over DNS or ICMP.
    http://thomer.com/howtos/nstx.html
    http://thomer.com/icmptx/
    My wireless traffic travels through a pfSense imbedded unit then
    on through third party captive portal hotspot software
    (we couldn't use pfSense CP due to missing critical features).
    I hope for a solution that doesn't interfere with normal operation.
    Thanks, -pc



  • Would bandwidth limiting DNS & ICMP per host to a small level that still works well under normal circumstances be a good way to solve this?



  • @pcatiprodotnet:

    Would bandwidth limiting DNS & ICMP per host to a small level that still works well under normal circumstances be a good way to solve this?

    You could just block ICMP and block DNS to everything except your DNS server. That'll take care of ICMP tunneling; DNS tunnelling is still available of course. Maybe someone else has an idea on how to take care of that (without using the traffic shaper - which would work also, in a roundabout way).

    –Bill


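The thread leaves DNS tunnelling through the permitted DNS server unsolved. As an added example (not part of the original posts and not pfSense code), this Python script scans a resolver query log for the pattern such a tunnel produces: one client sending many distinct, long names under a single parent domain within a short window. The log line format, the thresholds, the two-label parent-domain rule and the sample data are all assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

# Assumed thresholds for illustration; tune them against your own baseline traffic.
MAX_UNIQUE_NAMES = 30        # distinct names per client, per parent domain, per window
MAX_AVG_SUBDOMAIN_LEN = 30   # mean characters to the left of the parent domain

def parent_domain(qname):
    """Last two labels. Simplification: production code should use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])

def find_tunnel_suspects(log_lines, window=60):
    """Return sorted (client, parent, unique_names, avg_len) tuples exceeding both thresholds.
    Assumed line format: '<epoch_seconds> <client_ip> <qtype> <qname>'."""
    buckets = defaultdict(set)  # (window index, client, parent) -> set of subdomain parts
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit():
            continue  # skip malformed lines
        ts, client, _qtype, qname = parts
        parent = parent_domain(qname)
        sub = qname.rstrip(".").lower()[: -len(parent)].rstrip(".")
        buckets[(int(ts) // window, client, parent)].add(sub)
    suspects = []
    for (_, client, parent), subs in buckets.items():
        avg_len = sum(len(s) for s in subs) / len(subs)
        if len(subs) > MAX_UNIQUE_NAMES and avg_len > MAX_AVG_SUBDOMAIN_LEN:
            suspects.append((client, parent, len(subs), round(avg_len, 1)))
    return sorted(suspects)

def build_sample_log():
    """Constructed sample: one ordinary client and one sending many long unique names."""
    lines = [
        "1200 192.168.1.20 A www.example.com",
        "1201 192.168.1.20 A mail.example.com",
        "1205 192.168.1.20 AAAA cdn.example.org",
    ]
    for i in range(40):
        label = hashlib.sha256(str(i).encode()).hexdigest()[:48]
        lines.append(f"{1200 + i} 192.168.1.37 TXT {label}.t.tunnel.example")
    return lines

if __name__ == "__main__":
    for suspect in find_tunnel_suspects(build_sample_log()):
        print(suspect)
```

Requiring both thresholds keeps a client that simply browses many short hostnames on one site from being flagged.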