I downloaded Goat MMO simulator this morning and it has me in a playful mood.

Why not tunnel your games traffic over DNS?

You would need to host your own magically fake DNS server to be the middle man between DNS and your game server.

Preferably have clients connect directly to this fake DNS by writing your own fake DNS client and if you can't, query the locally assigned DNS instead.

It would be the ultimate firewall and NAT punch through...and since most paywall wifi hotspots don't block DNS....

It would be totally awesome.

Points for creativity :-)

Here are some challenges you'd have to overcome:

1) DNS is heavily cached. The time-to-live for various DNS entities is measured in hours, not milliseconds.
2) Many ISPs actually intercept DNS and resolve it themselves, rather than forwarding to an external DNS server. For example, Comcast does this, to send you to their own ad-filled "search help" page if you mis-type a domain name.
3) Most pay-for hotspots that I know about hijack both DNS and HTTP/HTTPS to bring up a "please pay now" paywall for whatever the first request is that your browser makes.
4) Some ISPs with strong "intrusion detection" systems (to clamp down on botnets and whatnot) may detect your unusual traffic as malicious.

Good luck, and please let us know how it goes :-)

1) DNS is heavily cached. The time-to-live for various DNS entities is measured in hours, not milliseconds.

Each request would have to be for a unique subdomain

2) Many ISPs actually intercept DNS and resolve it themselves, rather than forwarding to an external DNS server. For example, Comcast does this, to send you to their own ad-filled "search help" page if you mis-type a domain name.

They aren't intercepting it, you are actually using their DNS server

3) Most pay-for hotspots that I know about hijack both DNS and HTTP/HTTPS to bring up a "please pay now" paywall for whatever the first request is that your browser makes.

You would bypass the paywall by using a different DNS server than the DHCP provided one.

For whatever reason most hotspots don't block port 53 to the internet even for unauthorized clients. (Some even can be bypassed entirely by skipping DHCP and manually typing in a static IP and gateway that you know from previous sessions allowing you full access to the internet for free)

dns tunneling is a known thing, and quite well documented.

It is always a nice way to get around captive portals at hotels, airports, etc. so something that any competent information security guy watches out for.

See the iodene project and clones.

Problems with caching are gotten around by this approach by making each request unique and having a ttl of one second on each response, however all other issues raised by hplus0603 are still valid points and can't easily be gotten around.

Simply having a lobby server outside of a NAT environment is usually enough to establish game sessions in a safer and less blackhat manner.