Joff Thyer - Covert Channels using IP Packet Headers Derbycon 2011 (Hacking Illustrated Series InfoSec Tutorial Videos)

Joff Thyer
Covert Channels using IP Packet Headers

Derbycon 2011

A covert data channel is a communications channel that is hidden within the medium of a legitimate communications channel. Covert channels manipulate a communications medium in an unexpected or unconventional way in order to transmit information in an almost undetectable fashion. A covert data channel transfers arbitrary bytes between two points in a fashion that would appear legitimate to someone scrutinizing the exchange. Several IP protocols present opportunities for covert communications utilizing bit fields within the layer 3, layer 4, and application payload headers. Whilst cleartext communications can be readily detected, header fields that are highly random can be further subverted for symmetric encryption information exchange.
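The abstract's remark that cleartext in header fields is readily detected can be shown from the monitoring side. The Python sketch below is an added example, not code from the talk or its slides: it flags sources whose IP identification (IPID) bytes are almost all printable ASCII. The addresses, the header builder, the thresholds and the sample capture are constructed assumptions.

```python
import struct
from collections import defaultdict

def build_ipv4_header(src, dst, ipid, proto=6):
    """Build a minimal 20-byte IPv4 header (constructed sample data, checksum 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ipid, 0x4000, 64,
                       proto, 0, bytes(src), bytes(dst))

def parse_ipid(packet):
    """Return (source address, IPID) from a raw IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ipid = struct.unpack_from("!H", packet, 4)[0]
    return ".".join(str(b) for b in packet[12:16]), ipid

def printable_ratio(data):
    """Fraction of bytes in the printable ASCII range 0x20-0x7E."""
    return sum(0x20 <= b <= 0x7E for b in data) / len(data)

def flag_cleartext_ipid(packets, min_packets=8, threshold=0.9):
    """Map each suspicious source to the printable ratio of its IPID bytes."""
    per_src = defaultdict(bytearray)
    for pkt in packets:
        src, ipid = parse_ipid(pkt)
        per_src[src] += struct.pack("!H", ipid)
    flagged = {}
    for src, data in per_src.items():
        # Require enough packets so a few coincidental values do not alert.
        if len(data) // 2 >= min_packets and printable_ratio(data) >= threshold:
            flagged[src] = printable_ratio(data)
    return flagged

def sample_capture():
    """Constructed capture: one source with text in the IPID, one without."""
    host_a, host_b, server = (192, 0, 2, 10), (192, 0, 2, 20), (198, 51, 100, 5)
    text = b"covert-channel-demo!"
    with_text = [build_ipv4_header(host_a, server,
                                   int.from_bytes(text[i:i + 2], "big"))
                 for i in range(0, len(text), 2)]
    # Spread-out 16-bit values standing in for ordinary IPID behaviour.
    ordinary = [build_ipv4_header(host_b, server, (i * 40503) & 0xFFFF)
                for i in range(1, 11)]
    return with_text + ordinary

if __name__ == "__main__":
    for src, ratio in flag_cleartext_ipid(sample_capture()).items():
        print(f"{src}: {ratio:.0%} of IPID bytes are printable ASCII")
```

A printable-ASCII heuristic only covers the cleartext case; as the abstract notes, encrypted data in highly random fields will not stand out this way.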

Unfortunately, we had some audio failure. Fortunately, Joff sent me videos of his demos as well as his slides.

Download Slides

TCP IPID, and Initial Sequence Number demos:



UDP/DNS-ID encoding demo


UDP/DNS TTL single bit encoding demo


TCP-SYN initial sequence number demo encrypted with Blowfish.

 


Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast