Tree: 8331a2ddf8
README

WHAT IS IT?

sods is a socket over DNS server: it tunnels data over the DNS. sods
includes a small, portable client (sdt) and ds, a utility to scan for
DNS servers that support recursion.

The protocol is interoperable with OzymanDNS
(http://lmgtfy.com/?q=OzymanDNS).


WHAT DO I NEED TO BUILD IT?

Not much. OpenSSL is optional, if your OS doesn't support
arc4random().

sods has been built on Ubuntu Linux, Maemo, OpenWRT, Mac OS X and
Solaris 8.


HOW DO I BUILD IT?

# Server
cd sods
./configure
# adjust the Makefile
make

# Client
cd sdt
./configure
# adjust the Makefile
make


HOW DO I RUN IT?

# In the sods directory
sudo ./sods -vvvv -d /tmp -L 127.0.0.1:22 a.example.com # if you have an SSH server on localhost

# In the sdt directory
ssh -o ProxyCommand="./sdt -r 127.0.0.1 sshdns.a.example.com" 127.0.0.100

# As a TCP proxy
./sdt -p 23233 -r 127.0.0.1 sshdns.a.example.com
ssh -p 23233 localhost # for OpenSSH

The sods client works best with GNU screen installed on your shell
server (see the scripts directory for an example of a script to
reconnect if the connection is dropped).


WHY WOULD I WANT TO USE IT?

sods is tiny, easily ported and fast. Well, sort of fast, for a
tunnel going over DNS. Which means not really very fast.

sods has a few tricks to get around network limitations.

Some ways to use sods:

* use gated internet access that allows DNS queries, like that found
in airports, coffee shops, restaurants and hotels, when you just need
quick SSH access

* to bypass firewall port or proxy filtering and snooping

* penetration testing: bypass strict access controls on outgoing
connections on secure networks

* have fun with anyone doing traffic analysis on your network usage


FEATURES

* use TXT, CNAME or NULL records to encapsulate data

* supports multiple forwarded sessions (use multiple "-L" options)

* round robin packets between name servers

* bounce connections off of public recursive name servers (-r random)

* dynamic backoff/throttling of client

* client can be used as a pipe (for OpenSSH) or as a TCP proxy (for other ssh clients)
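
On the monitoring side, the features above leave a recognizable pattern in resolver logs: one client sending many unique, long, high-entropy names under a single zone as TXT, CNAME or NULL queries. The following is an added example, not part of sods; the "client qname qtype" log format, the thresholds, the two-label zone approximation and the sample labels are all assumptions constructed for illustration.

```python
import base64, hashlib, math
from collections import Counter, defaultdict

TUNNEL_QTYPES = {"TXT", "CNAME", "NULL"}  # record types the README lists for encapsulation

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    return -sum(n / len(s) * math.log2(n / len(s)) for n in Counter(s).values()) if s else 0.0

def suspect_zones(lines, min_queries=5, min_len=30, min_entropy=3.5):
    """Flag (client, zone, count) where one client sends many unique, long,
    high-entropy names under a single zone using tunnel-capable record types."""
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue                      # malformed line
        client, qname, qtype = parts
        labels = qname.rstrip(".").lower().split(".")
        if qtype.upper() not in TUNNEL_QTYPES or len(labels) < 3:
            continue
        zone = ".".join(labels[-2:])      # assumption: last two labels ~ registered domain
        seen[client, zone].append("".join(labels[:-2]))
    flagged = []
    for (client, zone), payloads in sorted(seen.items()):
        dense = [p for p in payloads if len(p) >= min_len and entropy(p) >= min_entropy]
        if (len(payloads) >= min_queries
                and len(set(payloads)) / len(payloads) > 0.9    # names almost never repeat
                and len(dense) / len(payloads) > 0.8):          # mostly encoded data
            flagged.append((client, zone, len(payloads)))
    return flagged

def constructed_label(i):
    """Constructed stand-in for an encoded payload label (not sods' wire format)."""
    digest = hashlib.sha256(str(i).encode()).digest()
    return base64.b32encode(digest).decode().rstrip("=").lower()

# Constructed resolver log, one "client qname qtype" entry per line
SAMPLE_LOG = (
    [f"10.0.0.5 {constructed_label(i)}.sshdns.a.example.com TXT" for i in range(8)]
    + ["10.0.0.7 _dmarc.example.org TXT"] * 6       # repeated, short name: benign
    + ["10.0.0.7 www.example.org A", "garbage line"]
)

if __name__ == "__main__":
    for client, zone, n in suspect_zones(SAMPLE_LOG):
        print(f"{client} -> {zone}: {n} tunnel-like queries")
```

With "-r random" or round robin between name servers the queries are spread across resolvers, so this grouping only works on logs collected where all of a client's DNS traffic is visible.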


TODO

* remove hardcoded options and use define, e.g., nobody/nogroup

* re-write the sods server in Erlang, using the native SSH
support. Reliable, fault tolerant DNS and ssh server for an unreliable
protocol!!

* write an Erlang client

* multiplex connections to the TCP proxy

* allow the client to specify a host/port

For example, if the client requests "mysshserver.com.sshdns.s.example.com",
the request would cause the sods server to open a port to
"mysshserver.com" on port 22. To specify a port, the client could
embed the port, maybe: mysshserver.com-2222.sshdns.s.example.com