Thread: covert channel?

  1. #1
    Registered User smahdi1991's Avatar
    Join Date
    Nov 2009
    Posts
    32

    covert channel?

    Ive reading some article about covert channel
    and their were clear in explanation.but there is something i think is missing in their article.if an Adversary want to send an anonymous data in a covert channel(for example in tcp or ip or icmp unused fields) ,it will be OK and firewall cant detect it ,but they can find the destination ip and already found the attacker ,am i right?
    then why they say detect a covert channel is difficult?and how an attacker use covert channel while its destination ip address is reveal for firewall?

  2. #2
    C++ Witch laserlight's Avatar
    Join Date
    Oct 2003
    Location
    Singapore
    Posts
    28,413
    You might want to link to the article for context.
    Quote Originally Posted by Bjarne Stroustrup (2000-10-14)
    I get maybe two dozen requests for help with some sort of programming or design problem every day. Most have more sense than to send me hundreds of lines of code. If they do, I ask them to find the smallest example that exhibits the problem and send me that. Mostly, they then find the error themselves. "Finding the smallest program that demonstrates the error" is a powerful debugging tool.
    Look up a C++ Reference and learn How To Ask Questions The Smart Way

  3. #3
    Registered User smahdi1991's Avatar
    Join Date
    Nov 2009
    Posts
    32
    for example:
    https://www.iup.edu/WorkArea/Downloa....aspx?id=60861
    www.gray-world.net/papers/0506-PGNET-Paper.pdf
    http://caia.swin.edu.au/cv/szander/p...vert-dec07.pdf
    and there was some powerpoint file that explain about covert channel and they base was some article .

  4. #4
    Registered User smahdi1991's Avatar
    Join Date
    Nov 2009
    Posts
    32
    is there any help?

  5. #5
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by smahdi1991 View Post
    Ive reading some article about covert channel
    and their were clear in explanation.but there is something i think is missing in their article.if an Adversary want to send an anonymous data in a covert channel(for example in tcp or ip or icmp unused fields) ,it will be OK and firewall cant detect it ,but they can find the destination ip and already found the attacker ,am i right?
    then why they say detect a covert channel is difficult?and how an attacker use covert channel while its destination ip address is reveal for firewall?
    I think you're missing the meaning of "covert." If the attacked party knows they are being attacked, it isn't covert. If they don't know they're being attacked, they aren't going to be checking IP addresses in their logs.

    By definition if they notice you, you are not being covert.
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  6. #6
    Registered User smahdi1991's Avatar
    Join Date
    Nov 2009
    Posts
    32
    if i want to use HTTP for covert channel ,what method should i use?which field should i use?

  7. #7
    Officially An Architect brewbuck's Avatar
    Join Date
    Mar 2007
    Location
    Portland, OR
    Posts
    7,396
    Quote Originally Posted by smahdi1991 View Post
    if i want to use HTTP for covert channel ,what method should i use?which field should i use?
    I can think of many possibilities.

    1. Encode the data into a big string which is a valid domain name. Then go to BigEncodedString.com in the web browser. The data will leak out via DNS request
    2. Use content headers or unused form variables to sneak the data out
    3. Put the data in the user agent string
    4. cASe mOdULaTIOn: ThE CaSE Of letTErs IndiCATeS 1'S ANd 0's.
    5. Long winded comments on web forums with the information embedded into a pattern of spelling errors
    6. Temporal methods. The time between requests somehow maps to values you are transmitting
    Code:
    //try
    //{
    	if (a) do { f( b); } while(1);
    	else   do { f(!b); } while(1);
    //}

  8. #8
    Registered User smahdi1991's Avatar
    Join Date
    Nov 2009
    Posts
    32
    i developed a simple sniffer and a simple client server socket programm(all in c),i want to test a simple covertchannel in my laptop(localhost127.0.0.1).....i found that winpcap cant tak capture from 127.0.0.1(becuase frame to dst127.0.0.1 dont go to NIC and the winpcap cant get a copy of them)...
    is there any way to test build and test a simple covert channell?
    (in my case im going to use a sniffer in my system to snif data and when a frame comes with first 4Byte Uppercase then my sniffer send a hello covert channel to source of the frame-----------------------i wrote the sniffer and it works ok,and tcp sender is work ok, but i dont know how to set them to my requirements )

  9. #9
    Registered User smahdi1991's Avatar
    Join Date
    Nov 2009
    Posts
    32
    is there any Guidance?

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. Replies: 2
    Last Post: 03-15-2011, 01:44 AM
  2. how to covert 'std::string' to 'char * in c++
    By chintugavali in forum C++ Programming
    Replies: 11
    Last Post: 02-13-2008, 02:11 AM
  3. help with IRC channel ban
    By MisterSako in forum A Brief History of Cprogramming.com
    Replies: 1
    Last Post: 09-05-2004, 01:23 PM
  4. covert ascii code to character
    By Shadow in forum C Programming
    Replies: 2
    Last Post: 04-25-2002, 09:53 PM

Tags for this Thread