A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Joff Thyer - Covert Channels using IP Packet Headers Derbycon 2011 (Hacking Illustrated Series InfoSec Tutorial Videos)

Joff Thyer
Covert Channels using IP Packet Headers

Derbycon 2011

A covert data channel is a communications channel that is hidden within the medium of a legitimate communications channel. Covert channels manipulate a communications medium in an unexpected or unconventional way in order to transmit information in an almost undetectable fashion. A covert data channel transfers arbitrary bytes between two points in a fashion that would appear legitimate to someone scrutinizing the exchange. Several IP protocols prevent opportunities for covert communications utilizing bit fields within the layer 3, layer 4, and application payload headers. Whilest cleartext communications can be readily detected, header fields that are highly random can be further subverted for symmetric encryption information exchange.

Unfortunately, we had some audio failure. Fortunately, Joff sent me videos of his demos as well as his slides.

Download Slides

TCP IPID, and Initial Sequence Number demos:



UDP/DNS-ID encoding demo


UDP/DNS TTL single bit encoding demo


TCP-SYN initial sequence number demo encrypted with Blowfish.

 

Back to Derbycon 2011 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2016, IronGeek
Louisville / Kentuckiana Information Security Enthusiast