Tunneling IP traffic over ICMP

posted Aug 21st 2009 12:26pm by
filed under: security hacks, wireless hacks


We all hate it when we find an unencrypted WiFi network at our favorite coffee shop, restaurant, airport, or other venue, only to discover that there are traffic restrictions. Most limited networks allow HTTP and HTTPS traffic only, or so goes the common misconception. In the majority of cases, ICMP traffic is also allowed, permitting users to ping websites and IP addresses. You may be asking, “Ok, so why does that matter?” Well, all of your IP traffic can be piped through an ICMP tunnel, disguising all your surfing as simple ping packets. [Thomer] has a detailed guide on how to create and utilize such a tunnel using ICMPTX. So the next time you are at the local cafe and want to fire up VLC to watch TV shows from your home PC, give this guide a quick read.



12 Responses to Tunneling IP traffic over ICMP

  • Chuck says:

    Don’t most consumer grade router/firewall combos (like the type you’d come across at your local coffee shop) have ICMP flood protection built in, from both the WAN and LAN side? Seems like that would cause some of them to lock up and bug out.

    Neat idea though, and I could definitely see how it would be handy to do.

  • CH says:

    Why not use a http tunnel, like HTTPTunnel?

  • O Mattos says:

    chuck: I believe the flood protection is only to protect the device against packets addressed to it (i.e. that it would normally have to respond to). I don’t think it affects any other “passing through” packets.

    Having said that, ICMP can’t properly be put through Network Address (and port) Translation because it doesn’t use port numbers, so most places will use an ICMP Proxy application on the router to keep track of all of the packet flows. (your average Linksys router has this built in) That program has to keep a state of all outgoing and incoming packets, and unlike IPtables connection tracking within the Linux kernel, I doubt it’s super efficient, so you might well find that only a few hundred packets per second could make the poor old router run out of RAM and freeze or get CPU bound and drop packets.

  • dbr says:

    A friend wrote a similar article on using ping tunnel, which seems a bit easier to set up than icmptx – http://neverfear.org/blog/view/9/using_icmp_tunneling_to_steal_internet

  • Doug says:

    Eh? This is neither new, nor anything to do with hacking…

    Anyway, I’ve been running IP-over-DNS for over a year now, with a bit of help from another tutorial on the same site.
    http://thomer.com/howtos/nstx.html

    Both of these tunneling implementations also have the ability to bypass many of the gateway “login” pages, such as those seen in Starbucks. I’ve found IPoDNS to interfere less with the operations of the server it’s running on & more frequently able to bypass the above gateways.

    There are a few IPoDNS implementations out there, one of which memorably boasted impressive speeds of ~1Mbps. I chose NSTX for the supposed better stability.

  • mumon says:

    @doug:

    It’s getting something to do what it wasn’t meant to do, sounds like hacking to me.

  • Matt says:

    This is old news! Weren’t we all doing this back in ’01??

  • Dave says:

    @doug:

    You’re bypassing the “Please pay here” page and you don’t think it’s hacking? WTF?

  • Anne O'Nymous says:

    That’s not new, and since most people allow HTTPS, just run OpenVPN on port 443, tweak the config a little so as to be able to run through proxies, and you get a cleaner solution, along with authentication (no MiM against your VPN connection), confidentiality and integrity.

  • Anne O'Nymous says:

    PS: It doesn’t bypass captive portals, but that wasn’t the scope of the article (it deals with bypassing the limitations on a network access you already have).

  • dean says:

    running openvpn on port 443 is useful in a totally different situation. icmptx can be used to get internet access when http is blocked. and it is MUCH faster than ip-over-dns. the only requirement is that you have to be able to ping your server.

    by the way, there is a much better implementation here:
    http://code.gerade.org/hans

  • Centos User says:

    Can anyone help me with how to install ICMPX on CentOS? Our ISP blocked both TCP and UDP. TIA
