Penetration Testing mailing list archives

Covert Channels


From: "Jeremy Junginger" <jjunginger () usbestcrm com>
Date: Wed, 16 Oct 2002 15:08:49 -0700

Has anyone had success in creating a program that uses IP/TCP/UDP/ICMP
header information to transmit encoded messages from one host to
another?  Shortly after reading
http://www.firstmonday.dk/issues/issue2_5/rowland/ I was very tempted to
put together a proof-of-concept program to demonstrate the use of covert
channels (and more importantly, how they could slip right by the IDS)
with the tools I had on hand.  I ended up using nemesis (Thank you Mr.
Grimes), tcpdump, and a little Perl script to kind of piece a tool
together that would transmit encoded (I use that term loosely) ASCII
data within the IP id field of the IP header.  It works okay until you
go through a NAT device that decides to change the IPID :)  I wondered
if anyone else has attempted to create a similar covert channel, and if
it is even useful when you can potentially encrypt/tunnel many chat
applications over a 3DES tunnel on basically any port in order to
subvert a security policy.  

A penny for your thoughts...

Jeremy
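
A defender-side heuristic for the IP ID channel the post describes, added here as an example and not code from the original post. It flags a source whose ID values carry varying printable ASCII in one byte while the other byte stays fixed, and skips ordinary incrementing counters. The one-character-per-packet encoding, the MIN_PACKETS threshold and every function name are assumptions; the post does not say how its data was encoded.

```python
import struct
from collections import defaultdict

MIN_PACKETS = 8  # assumed: packets needed per source before judging it

def ip_id(header: bytes):
    """Return (source address, IP ID) from a raw IPv4 header, else None."""
    if len(header) < 20 or header[0] >> 4 != 4:
        return None
    (ident,) = struct.unpack_from("!H", header, 4)  # ID is bytes 4-5
    return ".".join(map(str, header[12:16])), ident

def is_counter(ids):
    """True when IDs rise in small steps, as a per-host counter does."""
    return all(0 < ((b - a) & 0xFFFF) < 256 for a, b in zip(ids, ids[1:]))

def ascii_byte(ids):
    """Name the ID byte that is always printable ASCII and varies while
    the other byte stays fixed; None if neither byte fits."""
    high, low = [i >> 8 for i in ids], [i & 0xFF for i in ids]
    for name, data, other in (("high", high, low), ("low", low, high)):
        if (len(set(other)) == 1 and len(set(data)) > 1
                and all(0x20 <= b <= 0x7E for b in data)):
            return name
    return None

def suspicious_sources(headers):
    """Map each flagged source address to the ID byte that looks like text."""
    by_src = defaultdict(list)
    for parsed in map(ip_id, headers):
        if parsed:
            by_src[parsed[0]].append(parsed[1])
    return {src: ascii_byte(ids) for src, ids in by_src.items()
            if len(ids) >= MIN_PACKETS and not is_counter(ids) and ascii_byte(ids)}

def make_header(src, ident):
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ident, 0, 64, 6, 0,
                       bytes(src), bytes((198, 51, 100, 1)))

# Constructed sample traffic: text in the high ID byte, a normal counter
# whose bytes happen to be printable, and random-looking IDs.
SAMPLE = (
    [make_header((192, 0, 2, 10), c << 8) for c in b"covert channel"]
    + [make_header((192, 0, 2, 20), 0x4141 + i) for i in range(14)]
    + [make_header((192, 0, 2, 30), i)
       for i in (0x9F31, 0x0C7A, 0xE201, 0x55B8, 0x7D10, 0x02CC, 0xA4E9, 0x3B6F)]
)

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE))
```

The counter check matters because a host counting up from 0x4141 also produces printable bytes; text that happens to ascend alphabetically in the low byte would pass as a counter, so this is a triage signal rather than proof.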


