Vulnerability Development mailing list archives
RE: Covert Channels
From: Chris Anley <chris () ngssoftware com>
Date: Tue, 22 Oct 2002 10:37:36 +0100 (GMT Daylight Time)
Hi folks, Here's a bit of code that transmits a file (on a windows box) using time delays. For example, you could initiate a normal network transfer with the 'transmitting' box (or a series of transfers) - say, downloading from a web or ftp server - and then measure the time delays using a packet sniffer. It also works as another type of covert transmitter - the 'processor usage' local transmitter that's mentioned in a lot of the covert channel literature. One difference here is that it's a 'foreign' process that's being manipulated. The downside is that you need some privs to access the process you're manipulating (but that's not really the point, as discussed previously in this thread). You could do this in exploit code pretty easily. You could also make this a lot harder to detect - right now it's pretty dumb. Anyway, it's not intended as an actual transmitter, more just an interesting demo. -chris.
Attachment:
transmit.c
Description: transmit.c
Current thread:
- Re: Covert Channels, (continued)
- Re: Covert Channels Michal Zalewski (Oct 23)
- Re: Covert Channels Frank Knobbe (Oct 23)
- Re: Covert Channels Anton Aylward (Oct 23)
- Re: Covert Channels Roland Postle (Oct 24)
- RE: Covert Channels Omar Herrera (Oct 23)
- Re: Covert Channels Mark Grimes (Oct 17)
- RE: Covert Channels Michael Wojcik (Oct 17)
- RE: Covert Channels Jeremy Junginger (Oct 17)
- Re: Covert Channels FX (Oct 17)
- RE: Covert Channels Jeremy Junginger (Oct 18)
- RE: Covert Channels Chris Anley (Oct 22)
- RE: Covert Channels Frank Knobbe (Oct 23)
- RE: Covert Channels Michal Zalewski (Oct 23)
- RE: Covert Channels Richard Masoner (Oct 23)
- RE: Covert Channels Omar Herrera (Oct 23)
- Re: Covert Channels Timothy J. Miller (Oct 23)
- Re: Covert Channels David Wagner (Oct 24)
- RE: Covert Channels Michal Zalewski (Oct 23)
- RE: Covert Channels Michal Zalewski (Oct 23)