Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
tree: 8fa9e868eb

Fetching latest commit…

Octocat-spinner-32-eaf2f5

Cannot retrieve the latest commit at this time

Octocat-spinner-32 ds
Octocat-spinner-32 sdt
Octocat-spinner-32 seds
Octocat-spinner-32 sods
Octocat-spinner-32 README
README
WHAT IS IT?

sods is a socket over dns server that uses the DNS to tunnel data. sods
includes a small, portable client (sdt) and ds, a utility to scan for
DNS servers that support recursion.

The protocol is interoperable with OzymanDNS
(http://lmgtfy.com/?q=OzymanDNS).


WHAT DO I NEED TO BUILD IT?

Not much. OpenSSL is optional, if your OS doesn't support
arc4random().

sods has been built on Ubuntu Linux, Maemo, OpenWRT, Mac OS X and
Solaris 8.


HOW DO I BUILD IT?

# Server
cd sods
./configure
# adjust the Makefile
make

# Client
cd sdt
./configure
# adjust the Makefile
make


HOW DO I RUN IT?

# In the sods directory
sudo ./sods -vvvv -d /tmp -L 127.0.0.1:22 a.example.com # if you have an SSH server on localhost

# In the sdt directory
ssh -o ProxyCommand="./sdt -r 127.0.0.1 sshdns.a.example.com" 127.0.0.100

# As a TCP proxy
./sdt p 23233 -r 127.0.0.1 sshdns.a.example.com
ssh -p 23233 localhost # for OpenSSH

The sods client works best with GNU screen installed on your shell
server (see the scripts directory for an example of a script to
reconnect if the connection is dropped).


WHY WOULD I WANT TO USE IT?

sods is tiny, easily ported and fast. Well, sort of fast, for a
tunnel going over DNS. Which means not really very fast.

sods has a few tricks to get around network limitations.

Some ways to use sods:

* use of gated internet access that allow DNS queries, like those found
in airports, coffee shops, restaurants and hotels, when you just need
quick SSH access

* to bypass firewall port or proxy filtering and snooping

* penetration testing: bypass strict access controls on outgoing
connections on secure networks

* have fun with anyone doing traffic analysis on your network usage


FEATURES

* use TXT, CNAME or NULL records to encapsulate data

* supports multiple forwarded sessions (use multiple "-L" option)

* round robin packets between name servers

* bounce connections off of public recursive name servers (-r random)

* dynamic backoff/throttling of client

* client can use be used as a pipe (for OpenSSH) or as a TCP proxy (for other ssh clients)


TODO

* remove hardcoded options and use define, e.g., nobody/nogroup

* re-write the sods server in Erlang, using the native SSH
support. Reliable, fault tolerant DNS and ssh server for an unreliable
protocol!!

* write an Erlang client

* multiplex connections to the TCP proxy

* allow the client to specify a host/port

For example, if the client requests "mysshserver.com.sshdns.s.example.com",
the request would cause the sods server to open a port to
"mysshserver.com" on port 22. To specify a port, the client could
embed the port, maybe: mysshserver.com-2222.sshdns.s.example.com
Something went wrong with that request. Please try again.