Dan Kaminsky, the Jedi master of packet-level hacking, has figured out
how to tunnel ssh over DNS, a stupendously weird and cool feat. Ever
been at an airport or coffee shop with WiFi that redirects you over and
over again to the same captive portal page no matter what you do? With
Kaminsky’s tool, you could circumvent any captive portal that allows
DNS to slip through. Here’s the presentation he gave at the LayerOne
conference in Los Angeles.

Reverse Serial Propagation

Can be quickly and statelessly deployed

* Scan networks with generic recursive probe
* For each incoming request seeking to service the probe, return whatever (TTL=0) and probe with an actual block request
 – If a block request comes back from the recurser, populate the server
 – If the population packet drops, the upstream should retransmit
* Move back through the file after each server group fills up
* Can be much slower to populate!

480k PowerPoint Link

(via Oblomovka)