Vulnerability Development mailing list archives
Covert Channels
From: "Jeremy Junginger" <jjunginger () usbestcrm com>
Date: Wed, 16 Oct 2002 15:08:49 -0700
Has anyone had success in creating a program that uses IP/TCP/UDP/ICMP header information to transmit encoded messages from one host to another? Shortly after reading http://www.firstmonday.dk/issues/issue2_5/rowland/ I was very tempted to put together a proof-of-concept program to demonstrate the use of covert channels (and more imporantly, how they could slip right by the IDS) with the tools I had on hand. I ended up using nemesis (Thank you Mr. Grimes), tcpdump, and a little Perl script to kind of piece a tool together that would transmit encoded (I use that term loosely) ASCII data within the IP id field of the IP header. It works okay until you go through a NAT device that decides to change the IPID :) I wondered if anyone else has attempted to create a similar covert channel, and if it is even useful when you can potentially encrypt/tunnel many chat applications over a 3DES tunnel on basically any port in order to subvert a security policy. A penny for your thoughts... Jeremy
Current thread:
- Covert Channels Jeremy Junginger (Oct 16)
- Re: Covert Channels kam (Oct 16)
- Re: Covert Channels Valdis . Kletnieks (Oct 17)
- RE: Covert Channels Ofir Arkin (Oct 18)
- RE: Covert Channels Michal Zalewski (Oct 18)
- Re: Covert Channels David Litchfield (Oct 18)
- Re: Covert Channels Michal Zalewski (Oct 18)
- RE: Covert Channels Ofir Arkin (Oct 19)
- RE: Covert Channels Michal Zalewski (Oct 19)
- Re: Covert Channels Dragos Ruiu (Oct 21)
- Re: Covert Channels Roland Postle (Oct 22)
- Re: Covert Channels Valdis . Kletnieks (Oct 17)
- Re: Covert Channels kam (Oct 16)