Saturday, June 9, 2007

iodine and pingtunnel

Well I tried to go to bed last night at a decent time...guess it just
didn't work out.

In any case I decided to experiment with some tunneling tools. I'm
very interested in being able to tunnel traffic along covert channels
especially for testing/auditing purposes for a client.

That being said I did a little searching around and found the two
tools listed in the subject of the blog. I tried pingtunnel first
but couldn't get it to function in my test environment. I sent an
information packed email to the software's author and hope to hear
something in a timely fashion. In the interim I decided that I would
give iodine a shot and see what I could get to work. My preliminary
findings are below:

Start the server:

-(igs-awilliams@IGS-DEV01:ttyp5)-(11 files:26k@iodine)-(0 jobs)-(19:36)-
-(~/iodine:$)-> sudo /usr/local/sbin/iodined -f test.asdf
Enter password on stdin:

Opened /dev/tun0
Setting IP of tun0 to
Adding route to
add net gateway
Setting MTU of tun0 to 1024
Opened UDP socket
Listening to dns for domain test.asdf

Verify that the tun/tap interface is enabled:

tun0: flags=51 mtu 1024
groups: tun
inet --> netmask 0xffffff00

So far so good. Now let's set up the client:

igs-awilliams@IGS-LAP02:~> sudo /usr/local/sbin/iodine -f test.asdf
Enter password on stdin:

Opened dns0
Opened UDP socket
Version ok, both running 0x00000400. You are user #0
Setting IP of dns0 to
Setting MTU of dns0 to 1024
Sending queries for test.asdf to

The tun/tap interface was aptly named dns0 so let's check that it's
been created correctly:

dns0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr: P-t-P: Mask:
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:21 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:2153 (2.1 Kb)

If all this works correctly I should be able to ping from right?

igs-awilliams@IGS-LAP02:~> ping
PING ( 56(84) bytes of data.
64 bytes from icmp_seq=1 ttl=255 time=18.1 ms
64 bytes from icmp_seq=2 ttl=255 time=17.2 ms
64 bytes from icmp_seq=3 ttl=255 time=17.3 ms
64 bytes from icmp_seq=4 ttl=255 time=17.3 ms
64 bytes from icmp_seq=5 ttl=255 time=17.4 ms

--- ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4040ms
rtt min/avg/max/mdev = 17.201/17.491/18.108/0.339 ms
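
On the monitoring side of an audit, a tunnel like the one above carries its payload in the labels to the left of the tunnel domain, so resolver logs show many long, random-looking names under that one domain. The check below is an added example, not part of the original post or of iodine. The log format, the sample names, the two-label parent-zone rule and the thresholds are all constructed assumptions.

```python
import math
from collections import defaultdict

# Constructed sample resolver log, "<client> <qname>"; not captured from a real tunnel.
SAMPLE_LOG = """\
192.0.2.10 www.example.com
192.0.2.10 mail.example.com
192.0.2.11 images.example.com
192.0.2.11 a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.cdn.example.net
192.0.2.20 k3jx9q2mzt7v5b1nh8wd4ya6cfr0gpeu.test.asdf
192.0.2.20 zt7v5b1nh8wd4ya6cfr0gpeuk3jx9q2m.test.asdf
192.0.2.20 uepg0rfc6ay4dw8hn1b5v7tzm2q9xj3k.test.asdf
192.0.2.20 h8wd4ya6cfr0gpeuk3jx9q2mzt7v5b1n.test.asdf
192.0.2.20 cfr0gpeuk3jx9q2mzt7v5b1nh8wd4ya6.test.asdf
"""

def entropy(s):
    """Shannon entropy of s in bits per character."""
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))

def score_domains(log_text, parent_labels=2):
    """Map parent domain -> (unique subdomains, mean length, mean entropy).

    Assumption: the parent zone is the last `parent_labels` labels (test.asdf here).
    """
    subs = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # skip malformed lines
        labels = fields[1].rstrip(".").lower().split(".")
        if len(labels) > parent_labels:
            parent = ".".join(labels[-parent_labels:])
            subs[parent].add("".join(labels[:-parent_labels]))
    return {
        d: (len(s), sum(map(len, s)) / len(s), sum(map(entropy, s)) / len(s))
        for d, s in subs.items()
    }

def suspicious(report, min_unique=4, min_len=30, min_entropy=3.5):
    """Domains whose subdomains are many, long and random-looking (illustrative thresholds)."""
    return sorted(d for d, (n, length, ent) in report.items()
                  if n >= min_unique and length >= min_len and ent >= min_entropy)

if __name__ == "__main__":
    print(suspicious(score_domains(SAMPLE_LOG)))
```

The single long name under example.net is not flagged because only one unique subdomain was seen; requiring all three signals together keeps ordinary CDN-style hostnames out of the result.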


NOTE: iodine relies on the tun/tap driver of *nix
platforms. Windows users need not apply. The driver installs
standard on OpenBSD (the server in the example above) and requires a
kernel adjustment and compile on Linux (the client in the example).
For a list of supported OSes and platforms consult the following:

May Your Skill Prevail.


DreamKatcher said...

Thanks for your post, it will help me with iodine setup.

Anthony Williams said...

You are more than welcome! I wish you success in installing and configuring iodine.