Hi people, i found 2 new methods to do hotspot vulnerable called NSTX and ICMPTX... here I share it so that they are opening the eyes.
Mikrotik guys, what can say about this? are knowing this? is Mikrotik Hotspot vulnerable to this?

NSTX (IP-over-DNS) HOWTO
http://thomer.com/howtos/nstx.html

ICMPTX (IP-over-ICMP) HOWTO
http://thomer.com/icmptx/

http://packages.debian.org/unstable/net/nstx

Best Regards!
Alessio

Hi people, i found 2 new methods to do hotspot vulnerable called NSTX and ICMPTX... here I share it so that they are opening the eyes.
Mikrotik guys, what can say about this? are knowing this? is Mikrotik Hotspot vulnerable to this?

NSTX (IP-over-DNS) HOWTO
http://thomer.com/howtos/nstx.html

ICMPTX (IP-over-ICMP) HOWTO
http://thomer.com/icmptx/

http://packages.debian.org/unstable/net/nstx

Best Regards!
Alessio

HI! Alessio

is very great info


but i the HOTspot in MK, you can´t ping one machine outside of MK server, and can´t ping the gateway from the CPE or end user.

and when try resolve the name http://www.ford.com , no give the IP, because the gateway is unreacheable.

i not sure 100%, i am thinking no problem with MK HOTspot.

the two method need go to proxy for jump, how jump or go to proxy, if MK no respond the ping and the the end user can´t ping the proxy host in internet, the same for dns .

????

I can't see it being that common, however some default rules prevent any client like that from working imo.

Ie DNS redirect - this is enabled pretty much by default and redirects all DNS queries to the MT's DNS server. This effectively distroys any chance they have of using their own dodgy DNS server.

Also I don't see any overwhelming reason to allow a client full ICMP access out to the 'net in general. Sure ICMP between client <-> hotspot and hotspot <-> internet is critical but not client <-> internet. Unless I'm forgetting something.