I have to interject here - not to blow my own trumpet, but as a 'point of fact'. (Oops... once you start correcting misinformation on the internet, you are going to be busy for a long time.)
Before that there was a long standing existing technique to tunnel data through UDP packets that simply pretended to be destined for the DNS port (53). That stopped working if the network admin filtered outbound UDP and forced people to use their local DNS server instead. My method still works in that scenario though.
(If anyone knows of an earlier reference to the method I posted about, please let me know.. for all I know it was a well-known tactic in the underworld before I posted to bugtraq.)
From Julian's post, it's not possible to see which of the two methods his code used, since the rb file seems to have disappeared. I suspect it was "my" method.
I do like the ppp interface through - mine just tunneled bash commands + responses.
Oskar, I didn't know you were an HN'er. Thanks for posting. I have studied malicious use of DNS for a long time and have not yet found any reference prior to your post in 1998. In fact, I used your original bugtraq post as a reference to kick off a whitepaper detection solution approach for enterprises: http://armatum.com/blog/2009/dns-part-ii/ I'd sincerely welcome your feedback.
HN'ers -- Despite Kaminsky's ego, all signs indicate Oskar invented DNS tunneling.
http://dnstunnel.de/
It's also interesting to note that Julian Assange (AFAIK) was the first person to come up with this idea back in 2006.
http://re-iq.blogspot.com/2006/12/ip-over-ppp-over-dns-over-...