[TriLUG] using sshd tunnelling for dns request
Clay Stuckey
claystuckey at gmail.com
Wed Jan 27 21:03:57 EST 2010
Even if it is not NIPRNET, and it is a camp-wide wifi network intended
for the morale of the troops, there are always policies in place and
typically with good reason. Use of non-DoD web-based email is
prohibited. All soldiers are issued email accounts that can be used to
communicate with family and friends. Sites such as Skype, Gmail,
Hotmail and things like that are prohibited because they do not allow
the DoD to protect not only the local machines but also monitor
activity and filter traffic. I know this is where some people may go
"1984" on me. I am sure that if you have family deployed, you don't
want someone else to relay troop movements back home to grandma and
have the bad guys catch the info. Also regarding DNS, that is a real
big deal because there is a huge DNS black hole list that the DoD
maintains. This helps to prevent our boys from unknowingly accessing a
malicious site.

I have seen the good, the bad and the ugly when it comes to
information security in the DoD. It is absolutely there for a reason.
While they sometimes miss the mark, they hit it most of the time. To
tunnel or proxy any traffic is going to be a violation of DoD policy
and will open up potential security risks. I know this is most likely
a personal use network but sensitive information has a tendency to
become mobile. For this reason, the DoD extends some of its
information security policy to these MWR networks.

If the DNS server is unreliable due to outages, the problem can be
resolved. If it is unreliable because some sites are filtered out,
that is an issue that you will have to take up with the local IA team.
If there is a specific site, ask them about it. There is a small
possibility that it has been blacklisted in error. I have seen cases
like these in the DNS for the US Naval Fleet as well as an Army camp
in Africa. Once I found the errors, I was able to verify/document that
they were not on the official DNS Black Hole List and have the entries
removed.

Clay Stuckey
> Wifi suggests this is not a military network, but rather a camp wide
> network put on by an AAFES sub-contractor. Chip, if it is local-national
> run, it would be best if you sent him a live linux CD instead of XP. Just
> my opinion.