New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Hosts that will allow VPN over ICMP tunnel / make an exception for DDoS proteciton rules?
Hello, I have always wanted to try out VPN over ICMP tunneling but every host I have asked about this warned me that I risked being banned by their DDoS protection services for sending too many ICMP packets. Are there any hosts / networks out there that would be willing to make an exception for a single user and allow this type of heavy incoming ICMP packets (up to lets say 20mbps)?
Comments
Hi, try our services at https://nicevps.net. We don't feature any service ban nor filter connections.
We have simple on/off switch for DDoS protection that you can enable or disable at any time if it causes you problems.
The ill-conceived notion of using ICMP to transport data is all but against the entire point of ICMP. I can understand if you are trying to avoid the pratfalls of UDP, but that's why TCP was invented.
I can't say I know of anyone that would even be interested in a test case scenario of 20 megabits of icmp traffic. It's literally been the first stage of script kiddies for decades..
Just use a different lower-level transport protocol. Hell there's got to be people out there that would allow something that looks like netware.
@nice obviously doesn't understand the OSI layers and precisely what is being asked here.
Adding to what @WSS mentions above, using ICMP as your transport protocol is prone to errors as well. When congestion hits a network, typically ICMP packets are the first to be dropped.
You can't guarantee that your packet will reach the destination, especially with the more hops you add between the server and the destination. And if you try to, you'd just be recreating TCP...
He's probably using it for something like this: https://github.com/DhavalKapil/icmptunnel
Which can bypass more things and perhaps is what he specifically needs.
@WSS I don't want to do it because I think it has superior performance.. I want to do it to avoid firewalls that block VPNs such as in China, where UDP packets are also specifically throttled and TCP is not, but TCP-in-TCP tunnels have their own performance problems.
@HackedServer thanks for grasping the point of the question, rather than trying to tell me this topic is not worth researching. I got renewed interest in the topic after seeing this guy's tool: https://github.com/wangyu-/udp2raw-tunnel - He also has a FakeTCP mode that looks interesting, it tries to trick the firewall into detecting packets as TCP when they are actually receiving by the app's raw socket as unreliable.
@nice I might have a look at this, unfortunately the location isn't ideal
Sorry, that's what we can offer at this time. More locations will come soon. Regards
It might be a means to an end, but it's not going to work very well, and being that it's based on, well, ping, guess how long it's going to take the GFoC to start filtering those. It's not the right solution.