@Jxck-S
Created August 29, 2025 21:40
Overview of research methods for bypassing firewalls (iodine, wstunnel) and constrained protocol communication with LLMs (ch.at over DNS/SSH).

Firewall Bypass and Tunneling Techniques (Research Overview)

This document provides a high-level overview of different approaches to communicating through restrictive firewalls.
Some methods tunnel arbitrary network traffic (iodine, wstunnel), while others (like ch.at) demonstrate constrained protocol interactions with large language models (LLMs).

⚠️ Disclaimer
This information is provided for research and educational purposes only.
Do not use these tools to bypass restrictions or controls that you are not authorized to bypass.


Methods

1. Iodine (DNS Tunneling)

  • Description:
    Iodine tunnels IPv4 traffic over DNS queries and responses. Since DNS is almost always permitted (UDP/53), it can be exploited to carry arbitrary data.
  • Use cases:
    • Bypassing captive portals (e.g. hotels, airports)
    • Research into DNS misuse and covert channels
  • Limitations:
    • Very low bandwidth (a few kbps)
    • Detectable with DNS inspection and traffic analysis

Project: Iodine on GitHub
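
The limitation above (detectable with DNS inspection and traffic analysis) can be illustrated with a small query-log heuristic: data carried in query names tends to show up as many unique, long, high-entropy subdomains under one base domain. This is an added example, not part of the original gist or the iodine project; the log tuples, domain names and thresholds are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed sample log of (client, query name, query type); not real traffic.
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com", "A"),
    ("10.0.0.5", "mail.example.com", "A"),
    ("10.0.0.7", "img1.example.net", "A"),
    ("10.0.0.7", "img2.example.net", "A"),
    ("10.0.0.7", "img3.example.net", "A"),
    ("10.0.0.7", "img4.example.net", "A"),
    ("10.0.0.9", "k3xq0zmw5ahv1ybn4cfu2djr7gts8elp.tunnel.example", "NULL"),
    ("10.0.0.9", "p8le7stg2rjd4ufc1nby5vha0wmz3qxk.tunnel.example", "NULL"),
    ("10.0.0.9", "a1b9c2d8e3f7g4h6i5j0kzlymxnwovpu.tunnel.example", "NULL"),
    ("10.0.0.9", "z9y1x8w2v7u3t6s4r5q0pambncodleif.tunnel.example", "NULL"),
]

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def split_name(qname):
    """Naive split into (subdomain, base domain = last two labels).
    Assumption: a real deployment would use the Public Suffix List."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def score_domains(log, min_unique=3, min_len=20, min_entropy=3.5):
    """Per base domain: unique subdomains, mean length, mean entropy, verdict.
    Thresholds are illustrative assumptions, not tuned values."""
    subs, qtypes = defaultdict(set), defaultdict(set)
    for _client, qname, qtype in log:
        sub, base = split_name(qname)
        if sub:
            subs[base].add(sub)
            qtypes[base].add(qtype)
    report = {}
    for base, names in subs.items():
        avg_len = sum(len(n) for n in names) / len(names)
        avg_ent = sum(entropy(n) for n in names) / len(names)
        # Volume alone is not enough: require all three signals together.
        suspect = (len(names) >= min_unique and avg_len >= min_len
                   and avg_ent >= min_entropy)
        report[base] = {"unique": len(names), "avg_len": avg_len,
                        "avg_entropy": avg_ent, "qtypes": sorted(qtypes[base]),
                        "suspect": suspect}
    return report
```

The `example.net` entries show why unique-subdomain volume alone is a poor signal: four distinct names, but short and low-entropy, so the domain is not flagged.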


2. Wstunnel (WebSocket over HTTPS)

  • Description:
    Wstunnel encapsulates TCP traffic inside WebSockets running over HTTPS (TCP/443). This makes tunnels appear as ordinary encrypted web traffic.
  • Use cases:
    • Evading firewalls that only permit HTTPS
    • Avoiding deep packet inspection (DPI)
  • Benefits:
    • Higher throughput than DNS tunneling
    • Difficult to distinguish from legitimate HTTPS sessions
  • Limitations:
    • Requires a WebSocket-capable server endpoint

Project: Wstunnel on GitHub


3. ch.at (LLM over DNS/SSH)

  • Description:
    Unlike iodine or wstunnel, ch.at is not a generic traffic tunnel.
    Instead, it is a demonstration of running a large language model (LLM) interaction over constrained protocols such as:

    • DNS TXT records
    • SSH sessions

    Queries to the model are sent via these limited transports, and responses are delivered back in the same way.
    In effect, it shows how you can still interact with an AI/LLM even when only very minimal channels (like DNS lookups) are available.

  • Use cases:

    • Research into LLM accessibility under extreme network restrictions
    • Proof-of-concept for resilient AI communication
  • Benefits:

    • Works over protocols that are almost always allowed (DNS, SSH)
    • Demonstrates adaptability of LLM communication
  • Limitations:

    • Not meant for generic tunneling
    • Bandwidth-limited and high-latency compared to direct API use

Project: ch.at


Comparison Table

| Method | Primary Function | Protocol Encapsulation | Bandwidth | Notes |
|--------|------------------|------------------------|-----------|-------|
| Iodine | Arbitrary traffic tunneling | DNS queries/responses | Low | Captive portal bypass |
| Wstunnel | Arbitrary traffic tunneling | WebSockets over HTTPS | Medium-High | Stealthier, faster |
| ch.at | LLM interaction only | DNS TXT / SSH session | Very Low | Research demo, not a tunnel |

Key Takeaways

  • Iodine and wstunnel are true tunneling solutions for bypassing firewalls.
  • ch.at is different: it doesn’t tunnel arbitrary traffic, but rather exposes an LLM interface over minimal protocols.
  • Together, these projects highlight different ways to maintain communication across highly restrictive networks.