What is IP-over-DNS tunnelling? What is IP-over-DNS tunnelling please? I have seen this term used in the context of a captive portal. The idea was to redirect clients to the local web server and to force the DNS (?)....--prophetes.ai

What is IP-over-DNS tunnelling? What is IP-over-DNS tunnelling please? I have seen this term used in the context of a captive portal. The idea was to redirect clients to the local web server and to force the DNS (?). It was achieved by manipulating the PREROUTING tables. Apparently, this enabled to avoid IP-over-DNS tunelling... Unfortunately, I can't find the tutorial on which I saw this.

Ron is right with his comment.

IP-over-DNS tunneling (or more common name DNS tunneling) is a kind of attack, that allows to bypass usual network protection and send/receive data over DNS protocol, which tends to be less checked. The downside of it is a bit more complicated setup and the speed is very slow, as all data are sent inside DNS requests, which limits the amount in single packet and requires more packets to be sent.

Some examples where this can be used is to exfiltrate data from protected network, or to browse internet at the paid airport wi-fi. This browsing internet on paid wi-fi is exactly bypassing the captive portal as you have mentioned in your question. As far as I know, it can be avoided by proper configuration of your portal, but I don't have experience with this.

I hope this explanation will make it more clear for you. If you need more information, I would recommned searching for "dns tunneling"