Covert Channels

From: Jeremy Junginger (jjunginger@usbestcrm.com)
Date: Wed Oct 16 2002 - 18:08:49 EDT


Has anyone had success in creating a program that uses IP/TCP/UDP/ICMP
header information to transmit encoded messages from one host to
another? Shortly after reading
http://www.firstmonday.dk/issues/issue2_5/rowland/ I was very tempted to
put together a proof-of-concept program to demonstrate the use of covert
channels (and more importantly, how they could slip right by the IDS)
with the tools I had on hand. I ended up using nemesis (Thank you Mr.
Grimes), tcpdump, and a little Perl script to kind of piece a tool
together that would transmit encoded (I use that term loosely) ASCII
data within the IP id field of the IP header. It works okay until you
go through a NAT device that decides to change the IPID :) I wondered
if anyone else has attempted to create a similar covert channel, and if
it is even useful when you can potentially encrypt/tunnel many chat
applications over a 3DES tunnel on basically any port in order to
subvert a security policy.

A penny for your thoughts...

Jeremy
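
A defensive sketch of how a sensor could flag the kind of channel described in the message above; it is an added example, not code from the original post or its author. It assumes (the post does not say) one ASCII character per packet, stored in one byte of the IP ID with the other byte zero; the function names, thresholds and sample addresses are constructed for illustration.

```python
import struct
from collections import defaultdict

def ip_id_fields(packet: bytes):
    """Return (src, dst, ip_id) from a raw IPv4 header, or None if not IPv4."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    return packet[12:16], packet[16:20], struct.unpack_from("!H", packet, 4)[0]

def printable(b: int) -> bool:
    return 0x20 <= b <= 0x7E or b == 0x0A

def looks_like_text(ip_id: int) -> bool:
    """One byte of the ID is printable ASCII and the other byte is zero."""
    hi, lo = ip_id >> 8, ip_id & 0xFF
    return (lo == 0 and printable(hi)) or (hi == 0 and printable(lo))

def is_counter(ids) -> bool:
    """True for an ordinary incrementing ID counter (small positive steps)."""
    return all(1 <= (b - a) % 65536 <= 64 for a, b in zip(ids, ids[1:]))

def suspicious_flows(packets, min_packets=8, threshold=0.8):
    """Map (src, dst) -> text recovered from flows whose IDs look like ASCII."""
    flows = defaultdict(list)
    for pkt in packets:
        fields = ip_id_fields(pkt)
        if fields:
            flows[fields[:2]].append(fields[2])
    hits = {}
    for key, ids in flows.items():
        # A counter that happens to pass through 0x20-0x7E is not a channel.
        if len(ids) < min_packets or is_counter(ids):
            continue
        if sum(map(looks_like_text, ids)) / len(ids) >= threshold:
            hits[key] = "".join(chr((i >> 8) or i) for i in ids if looks_like_text(i))
    return hits

def header(src, dst, ip_id):
    """Build a constructed 20-byte IPv4 header (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, ip_id, 0, 64, 6, 0,
                       bytes(src), bytes(dst))

# Constructed sample traffic using documentation addresses (not from the post).
A, B, C = (192, 0, 2, 10), (198, 51, 100, 7), (203, 0, 113, 5)
SAMPLE = [header(A, B, ord(c) << 8) for c in "covert msg"]      # char in high byte
SAMPLE += [header(C, B, 40 + n) for n in range(12)]             # normal counter
SAMPLE += [header(B, A, (n * 40503 + 7919) % 65536) for n in range(12)]  # scattered IDs

if __name__ == "__main__":
    print(suspicious_flows(SAMPLE))
```

Only the first constructed flow is reported; the counter flow would also look printable without the `is_counter` check. A sensor placed behind a device that rewrites the IP ID sees the rewritten values, not the originals.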
