Penetration Testing mailing list archives
Re: For those interested in covert channels
From: "Dante Signal31" <dante.signal31 () gmail com>
Date: Tue, 30 Dec 2008 12:17:50 +0100
2008/12/25 nights shadow <nights.shadow () gmail com>:
Hi list, I wrote a quick post about a time when I needed to create a secure form of communication without any messenger clients. The post's name is "Guide to Encrypted Covert Channels" and it's located at: http://turboborland.blogspot.com/2008/12/guide-to-encrypted-dynamic-covert.html

I hope it provides some entertainment for those who've worked with covert channels before or those just generally curious. This was my first time creating one and it was pretty fun communicating securely with only needing to be on the same network. Any and all comments appreciated.

------------------------------------------------------------------------
This list is sponsored by: Cenzic
Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now
www.cenzic.com/landing/trends-report
------------------------------------------------------------------------
Pretty interesting article. The problem I see with that protocol is that you rely on an unshielded network. I mean, if you have internal firewalls between your endpoints they would limit the open ports you can use, drastically reducing your alphabet size. You may use a binary port encoding; a combination of tries on eight ports may give you the ASCII alphabet... the problem is that sometimes you don't even have those eight ports open, and you need to be aware of time-related issues with this approach.

Maybe you'd like to read one of my blog articles written some time ago (25 Oct) about network steganography [1]. There I explain (and implement with Python code) some ways to create covert channels in usual network traffic. I detail data hiding in ping data fields, in the ID IP header field, in the ISN TCP header and with the ASN header in TCP. The latter is pretty interesting because I implement an indirect covert channel connecting two endpoints through a middle server, which can be useful to circumvent firewall filtering rules and IDS detection.

Besides, I think my Python code can be useful to you as a starting point to automate your protocol. Please tell me if you do it so I can announce it in my blog :)

References:
[1] http://danteslab.blogspot.com/2008/10/esteganografa-de-red.html

--
Dante (http://danteslab.blogspot.com/)
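Added example, not code from either poster or their blogs: a detector for the eight-port binary encoding Dante describes, run over constructed firewall log lines (assumed format "epoch src_ip dst_port"). It buckets each source's hits into symbol windows, flags sources whose traffic stays inside the assumed eight-port alphabet, decodes the bytes as corroborating evidence, and the drifted log shows the time-related issue: one hit landing past a window boundary corrupts the decode.

```python
from collections import defaultdict

PORTS = [8001, 8002, 8003, 8004, 8005, 8006, 8007, 8008]  # assumed 8-port alphabet
WINDOW = 2.0  # assumed symbol period in seconds: one byte per window

# Constructed sample: 10.0.0.5 encodes "Hi" (0x48 -> bits 3,6; 0x69 -> bits 0,3,5,6),
# touching PORTS[i] when bit i is set, one byte per window; 10.0.0.9 is normal web use.
SAMPLE_LOG = [
    "100.0 10.0.0.5 8004", "100.3 10.0.0.5 8007",
    "102.1 10.0.0.5 8001", "102.4 10.0.0.5 8004",
    "102.6 10.0.0.5 8006", "103.0 10.0.0.5 8007",
    "100.5 10.0.0.9 443", "101.0 10.0.0.9 80", "103.5 10.0.0.9 443",
]
# Same message, but the second hit of the first byte drifts past the window edge.
DRIFTED_LOG = ["102.05 10.0.0.5 8007" if l.startswith("100.3") else l for l in SAMPLE_LOG]

def parse(line):
    ts, src, port = line.split()
    return float(ts), src, int(port)

def symbol_windows(events, window=WINDOW):
    """Bucket one source's (ts, port) events into consecutive symbol windows
    anchored on its first event; a gap yields an empty set (a 0x00 byte)."""
    events = sorted(events)
    start = events[0][0]
    buckets = defaultdict(set)
    for ts, port in events:
        buckets[int((ts - start) // window)].add(port)
    return [buckets[i] for i in range(max(buckets) + 1)]

def decode(windows, ports=PORTS):
    """Read each window as one byte: bit i is set iff ports[i] was touched."""
    return bytes(sum(1 << i for i, p in enumerate(ports) if p in w) for w in windows)

def analyse(lines, ports=PORTS, window=WINDOW, min_events=4, threshold=0.9):
    """Return {src: (fraction of hits inside the alphabet, decoded bytes)} for
    sources with enough events whose hits are almost all inside the alphabet."""
    per_src = defaultdict(list)
    for line in lines:
        ts, src, port = parse(line)
        per_src[src].append((ts, port))
    alphabet = set(ports)
    findings = {}
    for src, events in per_src.items():
        if len(events) < min_events:
            continue
        frac = sum(p in alphabet for _, p in events) / len(events)
        if frac >= threshold:
            findings[src] = (frac, decode(symbol_windows(events, window), ports))
    return findings
```

Anchoring windows on the first observed hit is itself an assumption; a sender and a detector that disagree on the window origin will decode different bytes, which is exactly the timing caveat in the post.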
Current thread:
- For those interested in covert channels nights shadow (Dec 27)
- Re: For those interested in covert channels Steffen Wendzel (Dec 28)
- RE: For those interested in covert channels Abe Getchell (Dec 29)
- Re: For those interested in covert channels Dante Signal31 (Dec 30)
- <Possible follow-ups>
- Re: Re: For those interested in covert channels nights . shadow (Dec 30)