covert-comms-talk

Covert Communication Channels

Pete Maynard

What is it?

Any communication channel that can be exploited by a process to transfer information in a manner that violates the systems security policy.

Which means..

Bypass restrictions of the firewall.

How?

Disguise the data to bypass the firewall.

Methods

Bit manipulation
Optional Fields

Bit manipulation

IP's ID Field
TCP's ISN Field

Optional Fields

DNS RDATA field
ICMP Payload

ICMP Request Payload

Covert ICMP Request Payload

End

Thanks

covert-comms-talk

PMaynard

covert-comms-talk

0 0

covert-comms-talk

Covert Communication Channels

What is it?

Which means..

How?

Methods

Bit manipulation

Optional Fields

ICMP Request Payload

Covert ICMP Request Payload

End

covert-comms-talk

PMaynard

covert-comms-talk

0 0 (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/platform.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

covert-comms-talk

Covert Communication Channels

What is it?

Which means..

How?

Methods

Bit manipulation

Optional Fields

ICMP Request Payload

Covert ICMP Request Payload

End

0 0