Title: How to bypass Nordnet's internet quota
Date: 2015-02-16 18:40

**TL;DR VPN on 53/udp**

I was spending a couple of weeks at my dad's house,
in the middle of nowhere, before starting my internship,
my last school holidays ever.
Being lost in the outback means having a super-shitty internet connection.
Here, it's powered by [Nordnet]( http://nordnet.fr ), part of the [Orange]( https://orange.fr) group:
40€ for 10Go; but *fortunately* you can get some more, for 15€ per Go,
the maximum bandwidth being around 75ko/s. In France, you can get an
unlimited (but throttled) data plan for your mobile [for 20€]( http://mobile.free.fr/);
so this smells more like theft than an honest commercial deal.

Anyway, I was slacking on IRC when my ssh connection dropped,
and so did every other established one.

```
$ curl dustri.org
<html>
<head>
<title>307 Temporary Redirect</title>
</head>
<body>
<h1>Temporary Redirect</h1>
<p>The document has moved  <a href="http://http://sat-new.nordnet.fr/redirection">here</a> .</p>
</body>
</html>
```

Ok, some MITM (please notice the wrong URL), to show me this page:

![overquota]( {static}/images/overquota.png)

Time to try old tricks!

```
$ dig @195.154.14.189 test.dustri.org txt | grep Success
test.dustri.org.	86400	IN	TXT	"Success!"
```

Everything old is new again.

No lying DNS, time to fire [iodine]( http://code.kryo.se/iodine/ )!

But since iodine is awfully slow (and broken, but I'm keeping this for another article ;) ),
I tried to fire my VPN on 53/udp, since doing [DPI]( https://en.wikipedia.org/wiki/Deep_packet_inspection )
instead of a lying DNS would be both idiotic and overkill; and … yes, it worked.

It seems that not only do they tell their poor <s>victims</s> consumers that *internet equals web*,
but they also believe it themselves. Pretty awesome for an ISP.

Since I'm a cool guy, I wanted to contact their technical support before publishing
this blogpost, but it seems that you need to call a [surcharged phone line]( http://assistance.nordnet.com/ )
to get in touch with them.

So until they stumble upon this blogpost and figure out either how to set up a lying DNSd
or how to have a proper firewall, this trick should still work.
And if it doesn't, I'm quite sure that you can find the other ones by yourself ;)
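
The "proper firewall" side of that last paragraph, as an added example that is not part of the original post: a structural check a gateway could run on 53/udp payloads, so that only datagrams shaped like a DNS query pass. The function names and both sample packets are constructed for illustration; only the name `test.dustri.org` comes from the post.

```python
import struct

def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Build a plain recursive DNS query (used only to make a sample input)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def looks_like_dns_query(payload: bytes) -> bool:
    """True if a UDP/53 payload is laid out like an RFC 1035 query."""
    if len(payload) < 17:                      # 12-byte header + root name + type/class
        return False
    _txid, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    # QR must be 0 (query), opcode 0 (QUERY), reserved Z bit clear.
    if flags & 0x8000 or (flags >> 11) & 0xF or flags & 0x0040:
        return False
    # Exactly one question, no answer/authority records, at most one OPT.
    if (qd, an, ns) != (1, 0, 0) or ar > 1:
        return False
    pos = 12
    while True:                                # walk the QNAME labels
        if pos >= len(payload):
            return False
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:                        # no pointers or oversized labels
            return False
        pos += length
        if pos - 12 > 254:                     # name longer than 255 bytes on the wire
            return False
    pos += 4                                   # QTYPE + QCLASS
    if pos > len(payload):
        return False
    # Without an additional record the datagram must end here;
    # with one, at least a minimal 11-byte OPT record must follow.
    return pos == len(payload) if ar == 0 else len(payload) - pos >= 11

# Constructed samples: a TXT query, and arbitrary non-DNS bytes.
DNS_SAMPLE = build_query("test.dustri.org", 16)
NON_DNS_SAMPLE = bytes.fromhex("38" + "0123456789abcdef" + "00" * 9)

if __name__ == "__main__":
    for label, pkt in (("dns query", DNS_SAMPLE), ("non-dns", NON_DNS_SAMPLE),
                       ("query + trailing bytes", DNS_SAMPLE + b"extra")):
        print(f"{label:24} -> {'pass' if looks_like_dns_query(pkt) else 'drop'}")
```

A check like this only rejects traffic that is not DNS at all; traffic that is well-formed DNS still passes, which is where steering every query to a resolver the operator controls (the "lying DNSd" option) comes in.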
