Friday, March 13, 2009

Get Free WiFi by tunneling through DNS - Hak5

Interesting video on Hak5. Looks like your in trouble Fon!

"DNS Tunneling

The basic premise comes down to this: If you can connect to a wireless access point that has a captive portal running, constantly forwarding your web requests to a payment page, you can most likely bypass those restrictions if you can get name resolution.

Simply open a shell and ping your favorite website. It doesn’t matter if you get ICMP packets back, what you’re looking for is name resolution. If ping says “Pinging []” or similar you should be all set to tunnel your traffic over DNS

In order to get going you’ll need a domain, or sub-domain, a set of Perl scripts called Ozyman, a server to run the ozyman and ssh daemons on, and a little luck

Full step by step instructions can be found at Mubix’s wonderful blog o goodness at"


  1. Hey! I just finished watching this episode of hak5 tonight! I tend to put it off until the next episode is practically up... LOL

    What was regrettably left out from the tutorial was the fact that WISPs and other hotspot providers are already familiar with this exploit. Their solution is to severely throttle down the traffic which is tunneled over the DNS port.

    I believe that even Fon is doing this, though I have not tested it personally.

  2. I really like hak5. a lot of good stuff on their site. I figured I would blog about it since recently I havent had time to care about Fon. Not to mention the fact that we havent seen any major events happen for Fon.