Full Disclosure mailing list archives
Re: ICMP Covert channels question
From: Andrew Farmer <andfarm () teknovis com>
Date: Fri, 28 Jan 2005 16:12:21 -0800
On 28 Jan 2005, at 14:45, cyberpixl wrote: <snip>
Assume there is a local machine (our target) with ip 192.168.0.2 that is connected to the internet using a router 192.168.0.1/88.88.88.88 (that is not blocking icmp packets) and my machine is say, 33.33.33.33. If i then send an icmp packet to the 88.88.88.88 router with source ip set to 192.168.0.2, would it forward that packet to the host in its local network, or will it discard it?
Depends entirely on the router's configuration. Most will forward it; however, some will, whether out of misimplementation or paranoia, drop it.
Is there any way to deliver my packet to that local machine?
There are some other nifty tricks you ought to check out. For example, take a look at LimeWire's 'UDPConnect' protocol.
Attachment:
PGP.sig
Description: This is a digitally signed message part
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- ICMP Covert channels question cyberpixl (Jan 28)
- Re: ICMP Covert channels question Andrew Farmer (Jan 28)
- Re: ICMP Covert channels question Paul Schmehl (Jan 28)
- RE: ICMP Covert channels question lists-security (Jan 29)
- RE: ICMP Covert channels question Paul Schmehl (Jan 29)
- RE: ICMP Covert channels question lists-security (Jan 29)
- RE: ICMP Covert channels question lists-security (Jan 29)
- Re: ICMP Covert channels question cyberpixl (Jan 30)
- Re: ICMP Covert channels question Gadi Evron (Jan 28)
- <Possible follow-ups>
- Re: ICMP Covert channels question Darren Bounds (Jan 29)