RE: Covert Channels

• Previous message: Jeff Moss: "Call For Papers Announcement: Black Hat Windows Security"
• Maybe in reply to: Jeremy Junginger: "Covert Channels"
• Next in thread: Frank Knobbe: "RE: Covert Channels"
• Next in thread: Syzop: "Re: Covert Channels"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi folks,

Here's a bit of code that transmits a file (on a windows box) using time
delays. For example, you could initiate a normal network transfer with the
'transmitting' box (or a series of transfers) - say, downloading from a
web or ftp server - and then measure the time delays using a packet sniffer.

It also works as another type of covert transmitter - the 'processor
usage' local transmitter that's mentioned in a lot of the covert channel
literature. One difference here is that it's a 'foreign' process that's
being manipulated. The downside is that you need some privs to access
the process you're manipulating (but that's not really the point, as
discussed previously in this thread).

You could do this in exploit code pretty easily. You could also make this
a lot harder to detect - right now it's pretty dumb.

Anyway, it's not intended as an actual transmitter, more just an
interesting demo.

     -chris.

• TEXT/PLAIN attachment: transmit.c

• Next message: jeffat_private: "Re: UserID and hashed password for Lotus Domino"
• Previous message: Jeff Moss: "Call For Papers Announcement: Black Hat Windows Security"
• Maybe in reply to: Jeremy Junginger: "Covert Channels"
• Next in thread: Frank Knobbe: "RE: Covert Channels"
• Next in thread: Syzop: "Re: Covert Channels"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Oct 22 2002 - 08:29:22 PDT