Tunneling traffic through DNS, a.k.a free internet in cafes/airports

This is a great hack, although it requires a lot of work. I have it installed on my server and my Mac, and surfing/e-mailing works fine.<p>I have been toying with the idea of having the client part ported to my iPhone, so I can use paywall wifi directly from a mobile device. This would require porting the Perl client code over to C.

This is also possible by tunneling through ICMP: <a href="http://www.cs.uit.no/~daniels/PingTunnel/" rel="nofollow">http://www.cs.uit.no/~daniels/PingTunnel/</a>

I use &#60;a href=code.kryo.se/iodine&#62;iodine&#60;/a&#62; as a wrapper for this, and I use it <i>very</i> frequently (as I fly internationally at least once every few weeks). It usually sits as a service on my home server. So far the only airport where I didn't make it to work was in Miami (where I connected though a socks tunnel though my iphone 3g anyways).<p>dns tunelling is slow, but handy for console/screen situations. I usually use it to download the newspaper before getting into the plane (a bunch of wgets) and refresh the rss feeds on newsbeuter.

Use Kismac to collect MAC addresses with significant packets in/out, clone a MAC, ssh -D9091 to my remote server, tunnel everything through my local SOCKS5 port 9091. Works well enough for me.

I might be wrong, but wouldn't this not help the situation at airports where the AP resolves all DNS requests to a page that is like "pay for service!"?<p>I was under the impression that in those configurations the AP intercepts all the DNS packets and responds with a fixed IP.<p>It would be nice to get around port blocking filters though...

I've set this up and it's pretty slow. Cool hack though. Better off with 3G card or tethering bluetooth on a 2G network. Useful with international travel though where phones get sketchy...

Won't this be too slow to be useful for anything except a proof of concept?

&#62;&#62; I offer to set up a subdomain for you which delegates all requests (see above) to your fake nameserver.<p>Isn't that just like publishing-to-all-hackers your "not so secure" server?

Does anyone know how secure this is? I'm assuming that the traffic is unencrypted, so technically your packets could be intercepted.

It's a great way to bypass firewalls. Wasn't this used in a worm in the 90s?

&#62;...called OzymanDNS ...<p>Ozymandias? Haha, is that a Watchmen reference? If so, how apropos. "Quis custodiet ipsos custodes?" Not the folks running open hotspots.

I refuse to call myself a hacker until I can test this. Hot!