Tunneling IP traffic over ICMP

icmptx

We all hate it when we find an unencrypted WiFi network at our favorite coffee shop, restaurant, airport, or other venue, only to discover that there are traffic restrictions. It is a common misconception that most limited networks allow HTTP and HTTPS traffic only. In the majority of cases, ICMP traffic is also allowed, permitting users to ping websites and IP addresses. You may be asking, “Ok, so why does that matter?” Well, all of your IP traffic can be piped through an ICMP tunnel, disguising all your surfing as simple ping packets. [Thomer] has a detailed guide on how to create and utilize such a tunnel using ICMPTX. So the next time you are at the local cafe and want to fire up VLC to watch TV shows from your home PC, give this guide a quick read.
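From the network operator's side, traffic "disguised as simple ping packets" still differs from real pings: RFC 792 requires an echo reply to return the request's data unchanged, and default pings carry small payloads. The sketch below is an added example, not code from the original post or from ICMPTX; it assumes a tunnel's replies carry data that differs from the request, and the 64-byte threshold, addresses and sample packets are constructed for illustration.

```python
import socket
import struct
from collections import Counter

MAX_PING_PAYLOAD = 64  # assumed threshold: default pings carry roughly 32-56 data bytes

def parse_icmp_echo(pkt):
    """Return (src, dst, type, ident, seq, payload) for an IPv4 ICMP echo, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # IPv4 header length in bytes
    if ihl < 20 or pkt[9] != 1 or len(pkt) < ihl + 8:
        return None                                # malformed, or not ICMP (protocol 1)
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", pkt[ihl:ihl + 8])
    if icmp_type not in (0, 8) or code != 0:       # 8 = echo request, 0 = echo reply
        return None
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    return src, dst, icmp_type, ident, seq, pkt[ihl + 8:]

def score_flows(packets):
    """Count tunnel indicators per (client, server) address pair."""
    pending, hits = {}, Counter()                  # pending: request payloads awaiting a reply
    for pkt in packets:
        rec = parse_icmp_echo(pkt)
        if rec is None:
            continue
        src, dst, icmp_type, ident, seq, payload = rec
        flow = (src, dst) if icmp_type == 8 else (dst, src)
        if len(payload) > MAX_PING_PAYLOAD:
            hits[flow] += 1                        # indicator 1: oversized echo payload
        if icmp_type == 8:
            pending[flow + (ident, seq)] = payload
        elif pending.pop(flow + (ident, seq), None) != payload:
            hits[flow] += 1                        # indicator 2: unsolicited or altered reply
    return hits

def make_pkt(src, dst, icmp_type, ident, seq, payload):
    """Build a constructed test packet (checksums left at zero; not validated above)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload

CLIENT, HOST, RELAY = "192.0.2.10", "198.51.100.1", "198.51.100.99"  # documentation ranges
SAMPLE = [  # constructed packets: one ordinary ping exchange, one tunnel-like exchange
    make_pkt(CLIENT, HOST, 8, 1, 1, b"a" * 56),
    make_pkt(HOST, CLIENT, 0, 1, 1, b"a" * 56),
    make_pkt(CLIENT, RELAY, 8, 7, 1, b"GET / HTTP/1.1\r\n" + b"x" * 400),
    make_pkt(RELAY, CLIENT, 0, 7, 1, b"HTTP/1.1 200 OK\r\n" + b"y" * 900),
]
```

Calling `score_flows(SAMPLE)` leaves the ordinary ping pair at zero and gives the tunnel-like pair three hits; in practice the counts would feed an alert threshold tuned to the network's normal ping behaviour.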

Comments

  1. Chuck says:

    Don’t most consumer grade router/firewall combos (like the type you’d come across at your local coffee shop) have ICMP flood protection built in, from both the WAN and LAN side? Seems like that would cause some of them to lock up and bug out.

    Neat idea though, and I could definitely see how it would be handy to do.

  2. CH says:

    Why not use a http tunnel, like HTTPTunnel?

  3. O Mattos says:

    chuck: I believe the flood protection is only to protect the device against packets addressed to it (i.e. that it would normally have to respond to). I don’t think it affects any other “passing through” packets.

    Having said that, ICMP can’t properly be put through Network Address (and port) Translation because it doesn’t use port numbers, so most places will use an ICMP Proxy application on the router to keep track of all of the packet flows. (your average Linksys router has this built in) That program has to keep a state of all outgoing and incoming packets, and unlike IPtables connection tracking within the Linux kernel, I doubt it’s super efficient, so you might well find that only a few hundred packets per second could make the poor old router run out of RAM and freeze or get CPU bound and drop packets.

  4. dbr says:

    A friend wrote a similar article on using ping tunnel, which seems a bit easier to set up than icmptx – http://neverfear.org/blog/view/9/using_icmp_tunneling_to_steal_internet

  5. Doug says:

    Eh? This is neither new nor anything to do with hacking…

    Anyway, I’ve been running IP-over-DNS for over a year now, with a bit of help from another tutorial on the same site.

    http://thomer.com/howtos/nstx.html

    Both of these tunneling implementations also have the ability to bypass many of the gateway “login” pages, such as those seen in Starbucks. I’ve found IPoDNS to interfere less with the operations of the server it’s running on & more frequently able to bypass the above gateways.

    There are a few IPoDNS implementations out there, one of which memorably boasted impressive speeds of ~1Mbps. I chose NSTX for the supposed better stability.

  6. mumon says:

    @doug:

    It’s getting something to do what it wasn’t meant to do, sounds like hacking to me.

  7. Matt says:

    This is old news! Weren’t we all doing this back in ’01??

  8. Dave says:

    @doug:

    You’re bypassing the “Please pay here” page and you don’t think it’s hacking? WTF?

  9. Anne O'Nymous says:

    That’s not new, and since most people allow HTTPS, just run OpenVPN on port 443, tweak the config a little so as to be able to run through proxies, and you get a cleaner solution, along with authentication (no MiM against your VPN connection), confidentiality and integrity.

  10. Anne O'Nymous says:

    PS: It doesn’t bypass captive portals, but that wasn’t the scope of the article (it deals with bypassing the limitations on a network access you already have).

  11. dean says:

    running openvpn on port 443 is useful in a totally different situation. icmptx can be used to get internet access when http is blocked. and it is MUCH faster than ip-over-dns. the only requirement is that you have to be able to ping your server.

    by the way, there is a much better implementation here:

    http://code.gerade.org/hans

  12. Centos User says:

    Can anyone help me install ICMPX on CentOS? Our ISP blocked both TCP and UDP. TIA

  13. VPN Master says:

    I found an app for Android phones that will let you tunnel through ICMP; it is called DroidVPN. The only downside of the app is it requires you to root your phone. But overall the app is pretty much easy to use. Just install and connect. Check out their website DroidVPN for more details.

  14. baba says:

    i still don’t get it. i’d like to know how to get a reliable vpn with icmp connection…

  15. Mike says:

    does it support NAT ? no traffic passed if client is behind nat
