Re: Covert Channels

From: Rohit Sharma (rsharmaat_private)
Date: Thu Oct 17 2002 - 07:29:06 PDT


    See the archives section in the libnet list; you will find lots of links
    there.
    
    Also check
    
    http://packetstorm.linuxsecurity.com/papers/unix/tcp.acknowledgement.txt
    
    On Thu, 2002-10-17 at 03:38, Jeremy Junginger wrote:
    > Has anyone had success in creating a program that uses IP/TCP/UDP/ICMP
    > header information to transmit encoded messages from one host to
    > another?  Shortly after reading
    > http://www.firstmonday.dk/issues/issue2_5/rowland/ I was very tempted to
    > put together a proof-of-concept program to demonstrate the use of covert
    > channels (and more importantly, how they could slip right by the IDS)
    > with the tools I had on hand.  I ended up using nemesis (Thank you Mr.
    > Grimes), tcpdump, and a little Perl script to kind of piece a tool
    > together that would transmit encoded (I use that term loosely) ASCII
    > data within the IP id field of the IP header.  It works okay until you
    > go through a NAT device that decides to change the IPID :)  I wondered
    > if anyone else has attempted to create a similar covert channel, and if
    > it is even useful when you can potentially encrypt/tunnel many chat
    > applications over a 3DES tunnel on basically any port in order to
    > subvert a security policy.
    >
    > A penny for your thoughts...
    >
    > Jeremy
    



    This archive was generated by hypermail 2b30 : Thu Oct 17 2002 - 07:39:10 PDT
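
A defender's view of the IP ID channel described in the quoted message, as an added example that is not part of the original thread: a per-flow check that flags senders whose IP ID values almost all look like a single printable ASCII character. The packing it looks for (one character in the high or low byte, the other byte zero), the thresholds, and the sample records are assumptions made for illustration.

```python
from collections import defaultdict

PRINTABLE = range(0x20, 0x7F)  # printable ASCII code points

def ascii_like(ipid):
    """True if a 16-bit IP ID holds one printable ASCII byte and one zero byte.

    Assumed packing; the thread only says ASCII was carried in the IP ID field.
    """
    hi, lo = ipid >> 8, ipid & 0xFF
    return (hi == 0 and lo in PRINTABLE) or (lo == 0 and hi in PRINTABLE)

def suspicious_flows(packets, min_packets=8, threshold=0.9):
    """Group (src, dst, ipid) records by flow and return {flow: ratio} for flows
    where at least `threshold` of the IP IDs are ascii_like.

    Counter-based and random IP ID generators hit the pattern only by chance,
    so a ratio near 1.0 over several packets is worth an analyst's attention.
    """
    flows = defaultdict(list)
    for src, dst, ipid in packets:
        flows[(src, dst)].append(ipid)
    hits = {}
    for flow, ids in flows.items():
        if len(ids) < min_packets:  # too few packets to judge
            continue
        ratio = sum(ascii_like(i) for i in ids) / len(ids)
        if ratio >= threshold:
            hits[flow] = ratio
    return hits

# Constructed sample records (src, dst, ipid); not taken from any real capture.
SAMPLE = (
    # Counter-style IDs, as an incrementing IP stack would produce.
    [("10.0.0.7", "192.0.2.9", 41000 + n) for n in range(10)]
    # Random-style IDs; 20480 (0x5000) matches the pattern purely by chance.
    + [("10.0.0.8", "192.0.2.9", i) for i in
       (5121, 60233, 1877, 33010, 912, 47551, 20480, 7, 15999, 28001)]
    # Every ID is one printable character: the pattern the check looks for.
    + [("10.0.0.5", "192.0.2.9", ord(c)) for c in "constructed text"]
)

if __name__ == "__main__":
    for flow, ratio in suspicious_flows(SAMPLE).items():
        print(flow, f"{ratio:.0%} of IP IDs look like single ASCII characters")
```

The check has to run on traffic captured before any NAT device that rewrites the IP ID, since the rewrite the poster mentions removes the pattern for an observer downstream as well.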