Tunneling ssh over DNS

Dan Kaminsky, the Jedi master of packet-level hacking, has figured out how to tunnel ssh over DNS, a stupendously weird and cool feat. Ever been at an airport or coffee shop with WiFi that redirects you over and over again to the same captive portal page no matter what you do? With Kaminsky's tool, you could circumvent any captive portal that allows DNS to slip through. Here's the presentation he gave at the LayerOne conference in Los Angeles.

Reverse Serial Propagation

Can be quickly and statelessly deployed

* Scan networks with generic recursive probe
* For each incoming request seeking to service the probe, return whatever (TTL=0) and probe with an actual block request
  - If a block request comes back from the recurser, populate the server
  - If the population packet drops, the upstream should retransmit
* Move back through the file after each server group fills up
* Can be much slower to populate!

480k Powerpoint Link

(via Oblomovka)