this post was submitted on 07 Sep 2024
474 points (92.9% liked)
Technology
58303 readers
14 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
psst
Hey, kid, don't tell anyone I told you about this
*Lifts coat
You got the goods! I used an HTTP tunnel when I was in college.
I also like the idea of ptunnel
I don’t understand how that can be reliable without being extremely obvious.
Yeah, any off the shelf network intrusion software would probably immediately flag either of those based solely on the amount of traffic.
Well it would be obvious. Any decent network tool would be able to filter traffic on a port or type (ICMP, DNS, etc).
“Wonder why this kid has 2.5Gb of DNS traffic last week? That isn’t normal. Maybe we should go check it out”
The trick to staying hidden is to look like noise. And this would not be noise.
In 2014 when I was in the hospital for a week I got a visit from their IT. Seems like pushing 5 to 10 gig a day through a ssh connection triggered something. Just a gig of ICMP of any variety would trip a alarm.
Man, I wish I knew this back then. I used Google translate as a proxy. Then that was blocked, so I used babelfish's built-in translation engine which was touch and go. This would have helped a lot lol
I love things that can route internet over something that should not be used for that. For example I'm thinking of making same thing over SMS and Veloren/Minecraft (or anyother videogame)'s private chat or something.
Oh, you are going to love this one then if you haven't seen it before: https://robertheaton.com/pyskywifi/
Amazing...
Does it work with DoH ?
No, this is specifically for DNS over UDP (Port 53). What you're looking for is just an HTTPS proxy. There is no difference between a DoH connection and any other HTTPS connection.
Except on my networks all port 53 tcp/udp and port 853 for that matter are forwarded to my dns per firewall rules. I also block all encrypted dns as well as dns over https blocked. Its my dns or nothing. I also have a vpn and proxy blocklist that updates twice a day. PFblockerNG is effective when maintained.
This is a very neat tool that I’ve bookmarked for further research. But I think you’re missing the point. He doesn’t need to hide network traffic, he needs a Wifi6 router. Now maybe you could setup a router to go through this service to further obfuscate the traffic but I don’t think this alone solves his purpose.
But I’m very glad you posted it because I love learning about little tricks like this to get around overly restrictive networks.