lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <2147483647.1107002801@[192.168.2.101]> From: pauls at utdallas.edu (Paul Schmehl) Subject: ICMP Covert channels question --On Saturday, January 29, 2005 12:37 AM -0800 lists-security@...tracers.com wrote: > > Paul Schmehl Said: >> No, because non-routeable addresses are...well....non-routeable. > > But Paul, I route non-routable addresses all the time. It is only > internet routers that are usually configured to not route certain > addresses. I go into many nets where the router is attempting to send > out 192.168's 172.'s and 10's out the external interface. Now they don't > get far since the ISP won't take them or just sinks them, but the routers > will try to handle them. > > Some routers (plenty won't) will probably try to "return" those ICMP's to > the internal interface, thus providing your covert channel. Furthermore, > you may be able to do some interesting things with the type and code > fields to encode further information. > I guess it all depends if you consider configuration errors "bugs". Assuming a router is correctly configured, non-routeable addresses should never leave *or* enter a network, but of course they can be routed internally. As an attacker, I would not design an exploit that *depended* upon private addresses being routed external to the victim's router unless I first verified that they were. Paul Schmehl (pauls@...allas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu
Powered by blists - more mailing lists