Vulnerability Development mailing list archives
Re: Covert Channels
From: Darryl Luff <darryl () snakegully nu>
Date: Fri, 18 Oct 2002 21:45:01 +1000
> Jeremy Junginger wrote:
Has anyone had success in creating a program that uses IP/TCP/UDP/ICMP header information to transmit encoded messages from one host to another? Shortly after reading
Hi Jeremy,As you say there are usually easier ways. If you're inside a firewall connecting out, you can just use http, https or email through their existing systems. If you're outside trying to connect in, I think that the main problem is getting your packets in to where the target system can see them. If you can do that, you can encode it however you want.
I imagine that the easiest way would be to pick an unknown IP or TCP option number and insert your own options field into the IP or TCP header. This keeps your data separate from the TCP connection data. I think that an option field can be up to 253 bytes of data?
Do any IDS systems trigger on unrecognised option fields? Darryl Luff
Current thread:
- Re: Covert Channels, (continued)
- Re: Covert Channels Alex Tibbles (Oct 17)
- Re: Covert Channels MA (Oct 17)
- Re: Covert Channels Roland Postle (Oct 17)
- RE: Covert Channels Dom De Vitto (Oct 17)
- RE: Covert Channels Jeff Nathan (Oct 19)
- RE: Covert Channels Dom De Vitto (Oct 19)
- Re: Covert Channels Craig Baltes (Oct 17)
- Re: Covert Channels CJ Oster (Oct 17)
- Re: Covert Channels Rohit Sharma (Oct 17)
- Re: Covert Channels Chris Reining (Oct 18)
- Re: Covert Channels Darryl Luff (Oct 18)
- Re: Covert Channels Valdis . Kletnieks (Oct 18)
- Re: Covert Channels Jeff Nathan (Oct 19)
- Re: Covert Channels Frank Knobbe (Oct 23)
- Re: Covert Channels Jose Nazario (Oct 23)
- Re: Covert Channels Blue Boar (Oct 23)
- Re: Covert Channels Michal Zalewski (Oct 23)
- Re: Covert Channels Blue Boar (Oct 23)
- Re: Covert Channels Michal Zalewski (Oct 23)
- RE: Covert Channels Omar Herrera (Oct 23)
- RE: Covert Channels Cade Cairns (Oct 24)
- Re: Covert Channels Jose Nazario (Oct 23)