Has anyone had success in creating a program that uses IP/TCP/UDP/ICMP header information to transmit encoded messages from one host to another? Shortly after reading http://www.firstmonday.dk/issues/issue2_5/rowland/ I was very tempted to put together a proof-of-concept program to demonstrate the use of covert channels (and more imporantly, how they could slip right by the IDS) with the tools I had on hand. I ended up using nemesis (Thank you Mr. Grimes), tcpdump, and a little Perl script to kind of piece a tool together that would transmit encoded (I use that term loosely) ASCII data within the IP id field of the IP header. It works okay until you go through a NAT device that decides to change the IPID :) I wondered if anyone else has attempted to create a similar covert channel, and if it is even useful when you can potentially encrypt/tunnel many chat applications over a 3DES tunnel on basically any port in order to subvert a security policy. A penny for your thoughts... Jeremy
This archive was generated by hypermail 2b30 : Wed Oct 16 2002 - 15:35:53 PDT