[DNS Hack!] DNS "Wind Walk"


A hack system to bypass perimeter defense in most DMZ architectures.

The high-level idea for bypassing perimeter defense in most DMZ architectures is based on a common DNS configuration that permits name resolution without authentication.

The network architecture is shown in the following image:

DNS Wind Walk.

DNS resolution is allowed for any host that has an IP address, but traffic is blocked AFTER name resolution if the firewall doesn't have a rule permitting traffic for the specified host. This rule is added dynamically following the RADIUS server's response, which identifies the host as authorised by checking its username and password.

If I succeed in creating an IP tunnel inside DNS traffic, I can transfer data without authentication!!!
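A defender-side check for the situation described above, as an added example that is not part of the original post: it flags hosts that RADIUS has not yet authorised but that send many unique, long, high-entropy names under one parent domain, which is how tunnelled data typically shows up in resolver logs. The log tuples, the authenticated-IP set, the thresholds and all function names are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample: (client_ip, queried_name) pairs as a resolver query log might yield.
SAMPLE_QUERIES = (
    [("10.0.0.5", "www.example.org"), ("10.0.0.5", "mail.example.org")]
    + [("10.0.0.8", "www.example.org")]  # unauthenticated, ordinary pre-login lookup
    + [("10.0.0.9", f"{i:04x}k3jf9a0zq7wmx2c8vb5n1p6r.t.tunnel.example")
       for i in range(40)]               # unauthenticated, tunnel-like pattern
)
# Constructed sample: IPs for which the RADIUS server has returned an accept.
AUTHENTICATED = {"10.0.0.5"}


def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    if not s:
        return 0.0
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())


def parent_domain(name, labels=2):
    """Last `labels` labels of a name (a simplification: no public-suffix list)."""
    return ".".join(name.rstrip(".").lower().split(".")[-labels:])


def suspicious_unauthenticated(queries, authenticated,
                               min_unique=20, min_len=20, min_entropy=3.5):
    """Return (client, parent_domain, count) for unauthenticated clients whose
    queries under one parent domain look like encoded payload, not hostnames."""
    names_seen = defaultdict(set)  # (client, parent) -> unique full names
    for client, name in queries:
        if client not in authenticated:
            names_seen[(client, parent_domain(name))].add(name.rstrip(".").lower())
    findings = []
    for (client, parent), names in names_seen.items():
        # Strip the parent domain and its leading dot to get the variable part.
        subs = [n[: -len(parent) - 1] for n in names if len(n) > len(parent)]
        payload_like = [s for s in subs
                        if len(s) >= min_len and entropy(s) >= min_entropy]
        if len(payload_like) >= min_unique:
            findings.append((client, parent, len(payload_like)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in suspicious_unauthenticated(SAMPLE_QUERIES, AUTHENTICATED):
        print("possible DNS tunnel from unauthenticated host:", finding)
```

In this architecture the same correlation can also drive a mitigation: restrict unauthenticated hosts to resolving only the names the login process needs until RADIUS has authorised them.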

I will soon add more specific information on the work carried out!

--
Enjoy!


Article published on: Dario Maggiari Blog - NecroBlog - http://necrosoft.altervista.org/NecroBlog/
Reference URL: http://necrosoft.altervista.org/NecroBlog//index.php?mod=read&id=1151066172