lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
From: dbounds at intrusense.com (Darren Bounds)
Subject: ICMP Covert channels question

In most cases 10/8, 192.168/16 and 172.16/12 are not routable across 
the Internet, although there are some exceptions.

However, if your packet does manage to reach it the destination 
network, traverse the firewall and hit it's target, you can be 
reasonably certain that the response, be it a TCP SYN-ACK,  an ICMP 
unreachable of some sort or just an ICMP echo reply, it will quite 
happily find it's way to the internal host whom you spoofed for review.


Thanks,

Darren Bounds
Intrusense LLC.

--
Intrusense - Securing Business As Usual


On Jan 28, 2005, at 5:45 PM, cyberpixl wrote:

> I've been doing some research on creating covert channels using icmp
> packets and a bounce server and so far everything worked fine. I can
> contact my web server through a bounce server outside of my network
> (like www.google.com or whatever). In my current setup both client and
> target are located in the same network and comunicate through the
> bounce server using icmp packets.
>
> Now, would it be possible to access a server behind a firewall, that
> normally isn't accessable, using this technique, if i'm outside of the
> target network?
>
> Assume there is a local machine (our target) with ip 192.168.0.2 that
> is connected to the internet using a router 192.168.0.1/88.88.88.88
> (that is not blocking icmp packets) and my machine is say,
> 33.33.33.33. If i then send an icmp packet to the 88.88.88.88 router
> with source ip set to 192.168.0.2, would it forward that packet to the
> host in its local network, or will it discard it? Is there any way to
> deliver my packet to that local machine?
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ