Full Disclosure mailing list archives
Re: ICMP Covert channels question
From: Darren Bounds <dbounds () intrusense com>
Date: Sat, 29 Jan 2005 09:06:33 -0500
In most cases 10/8, 192.168/16 and 172.16/12 are not routable across the Internet, although there are some exceptions.
However, if your packet does manage to reach it the destination network, traverse the firewall and hit it's target, you can be reasonably certain that the response, be it a TCP SYN-ACK, an ICMP unreachable of some sort or just an ICMP echo reply, it will quite happily find it's way to the internal host whom you spoofed for review.
Thanks, Darren Bounds Intrusense LLC. -- Intrusense - Securing Business As Usual On Jan 28, 2005, at 5:45 PM, cyberpixl wrote:
I've been doing some research on creating covert channels using icmp packets and a bounce server and so far everything worked fine. I can contact my web server through a bounce server outside of my network (like www.google.com or whatever). In my current setup both client and target are located in the same network and comunicate through the bounce server using icmp packets. Now, would it be possible to access a server behind a firewall, that normally isn't accessable, using this technique, if i'm outside of the target network? Assume there is a local machine (our target) with ip 192.168.0.2 that is connected to the internet using a router 192.168.0.1/88.88.88.88 (that is not blocking icmp packets) and my machine is say, 33.33.33.33. If i then send an icmp packet to the 88.88.88.88 router with source ip set to 192.168.0.2, would it forward that packet to the host in its local network, or will it discard it? Is there any way to deliver my packet to that local machine? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- ICMP Covert channels question cyberpixl (Jan 28)
- Re: ICMP Covert channels question Andrew Farmer (Jan 28)
- Re: ICMP Covert channels question Paul Schmehl (Jan 28)
- RE: ICMP Covert channels question lists-security (Jan 29)
- RE: ICMP Covert channels question Paul Schmehl (Jan 29)
- RE: ICMP Covert channels question lists-security (Jan 29)
- RE: ICMP Covert channels question lists-security (Jan 29)
- Re: ICMP Covert channels question cyberpixl (Jan 30)
- Re: ICMP Covert channels question Gadi Evron (Jan 28)
- <Possible follow-ups>
- Re: ICMP Covert channels question Darren Bounds (Jan 29)