We all hate it when we find an unencrypted WiFi network at our favorite coffee shop, restaurant, airport, or other venue, only to discover that there are traffic restrictions. Most limited networks allow HTTP and HTTPS traffic only, or so the common misconception goes. In the majority of cases, ICMP traffic is also allowed, permitting users to ping websites and IP addresses. You may be asking, “Ok, so why does that matter?” Well, all of your IP traffic can be piped through an ICMP tunnel, disguising all your surfing as simple ping packets. [Thomer] has a detailed guide on how to create and utilize such a tunnel using ICMPTX. So the next time you are at the local cafe and want to fire up VLC to watch TV shows from your home PC, give this guide a quick read.
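For whoever runs such a network, the same property is what makes a tunnel visible: real ping is slow, fixed-size, and its replies return the request data unchanged. The sketch below is an added example, not code from the original post or from Thomer's guide; the packet record layout, thresholds and sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import pstdev

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers

def score_icmp_flows(packets, max_rate=5.0, max_payload=128, max_size_dev=16):
    """Return {(host_a, host_b): [reasons]} for echo flows that do not look like ping.
    Thresholds are illustrative assumptions; tune them against your own baseline."""
    flows = defaultdict(list)
    for p in packets:
        if p["type"] in (ECHO_REQUEST, ECHO_REPLY):
            flows[frozenset((p["src"], p["dst"]))].append(p)
    findings = {}
    for pair, pkts in flows.items():
        reasons = []
        sizes = [len(p["payload"]) for p in pkts]
        span = max(p["ts"] for p in pkts) - min(p["ts"] for p in pkts)
        if span > 0 and len(pkts) / span > max_rate:
            reasons.append("rate")            # far more packets/s than a 1 Hz ping
        if max(sizes) > max_payload:
            reasons.append("large-payload")   # ping defaults are 32 or 56 data bytes
        if pstdev(sizes) > max_size_dev:
            reasons.append("variable-size")   # ping keeps one size per run
        # RFC 792: an echo reply must return the request's data unchanged.
        sent = {(p["id"], p["seq"]): p["payload"] for p in pkts if p["type"] == ECHO_REQUEST}
        if any(p["type"] == ECHO_REPLY and sent.get((p["id"], p["seq"]), p["payload"]) != p["payload"] for p in pkts):
            reasons.append("reply-mismatch")
        if reasons:
            findings[tuple(sorted(pair))] = reasons
    return findings

def sample_packets():
    """Constructed sample traffic, not a real capture."""
    pkts, ping = [], bytes(range(56))
    for seq in range(4):  # ordinary ping: one 56-byte echo per second, echoed back intact
        pkts.append(dict(ts=seq, src="10.0.0.5", dst="192.0.2.1", type=8, id=1, seq=seq, payload=ping))
        pkts.append(dict(ts=seq + 0.02, src="192.0.2.1", dst="10.0.0.5", type=0, id=1, seq=seq, payload=ping))
    for seq in range(40):  # tunnel-like: fast, varying sizes, replies carry different data
        up = bytes([seq]) * (40 + 30 * (seq % 5))
        down = bytes([255 - seq]) * (200 + 100 * (seq % 3))
        pkts.append(dict(ts=10 + seq * 0.05, src="10.0.0.9", dst="198.51.100.7", type=8, id=7, seq=seq, payload=up))
        pkts.append(dict(ts=10.01 + seq * 0.05, src="198.51.100.7", dst="10.0.0.9", type=0, id=7, seq=seq, payload=down))
    return pkts

if __name__ == "__main__":
    for pair, reasons in score_icmp_flows(sample_packets()).items():
        print(pair, reasons)
```

Only the second host pair is reported; the ordinary ping flow passes every check.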
21 thoughts on “Tunneling IP Traffic Over ICMP”
Don’t most consumer grade router/firewall combos (like the type you’d come across at your local coffee shop) have ICMP flood protection built in, from both the WAN and LAN side? Seems like that would cause some of them to lock up and bug out.
Neat idea though, and I could definitely see how it would be handy to do.
Why not use a http tunnel, like HTTPTunnel?
chuck: I believe the flood protection is only to protect the device against packets addressed to it (i.e. that it would normally have to respond to). I don’t think it affects any other “passing through” packets.
Having said that, ICMP can’t properly be put through Network Address (and port) Translation because it doesn’t use port numbers, so most places will use an ICMP Proxy application on the router to keep track of all of the packet flows. (your average Linksys router has this built in) That program has to keep a state of all outgoing and incoming packets, and unlike IPtables connection tracking within the Linux kernel, I doubt it’s super efficient, so you might well find that only a few hundred packets per second could make the poor old router run out of RAM and freeze or get CPU bound and drop packets.
A friend wrote a similar article on using ping tunnel, which seems a bit easier to set up than icmptx – http://neverfear.org/blog/view/9/using_icmp_tunneling_to_steal_internet
That tutorial is tcp over udp not ip over udp
Eh? This is neither new, nor anything to do with hacking…
Anyway, I’ve been running IP-over-DNS for over a year now, with a bit of help from another tutorial on the same site.
http://thomer.com/howtos/nstx.html
Both of these tunneling implementations also have the ability to bypass many of the gateway “login” pages, such as those seen in Starbucks. I’ve found IPoDNS to interfere less with the operations of the server it’s running on & more frequently able to bypass the above gateways.
There are a few IPoDNS implementations out there, one of which memorably boasted impressive speeds of ~1Mbps. I chose NSTX for the supposed better stability.
@doug:
It’s getting something to do what it wasn’t meant to do, sounds like hacking to me.
This is old news! Weren’t we all doing this back in ’01??
@doug:
You’re bypassing the “Please pay here” page and you don’t think it’s hacking? WTF?
That’s not new, and since most people allow HTTPS, just run OpenVPN on port 443, tweak the config a little so as to be able to run through proxies, and you get a cleaner solution, along with authentication (no MiM against your VPN connection), confidentiality and integrity.
PS: It doesn’t bypass captive portals, but that wasn’t the scope of the article (it deals with bypassing the limitations on a network access you already have).
running openvpn on port 443 is useful in a totally different situation. icmptx can be used to get internet access when http is blocked. and it is MUCH faster than ip-over-dns. the only requirement is that you have to be able to ping your server.
by the way, there is a much better implementation here:
http://code.gerade.org/hans
Can anyone help me with how to install ICMPX on CentOS? Our ISP blocked both TCP and UDP. TIA
I found an app for Android phones that will let you tunnel through ICMP; it is called DroidVPN. The only downside of the app is that it requires you to root your phone. But overall the app is pretty much easy to use. Just install and connect. Check out their website DroidVPN for more details.
i still don’t get it. i’d like know how to get a reliable vpn with icmp connection…
Did you already read this page http://thomer.com/icmptx/ ?
If you are willing to pay for a VPN account that can tunnel through ICMP, you can try commercial VPN services that can tunnel through ICMP like PD-Proxy VPN and Wi-Free. Both work perfectly on tunneling through ICMP.
does it support NAT ? no traffic passed if client is behind nat
hans source warned by statically compiled the following tips to ask how to solve ?
hans -c 104.xx.xx.xx -p password -d tun0 <
./hans: opened tunnel device: tun0
./hans: could not set tun device mtu
./hans: detaching from terminal
Good Lord, this hack is 9 years old. This is like archaeology :-)
And yet this hack still works on xfinitywifi everywhere.
The data always finds a way.