lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <2147483647.1107002801@[192.168.2.101]>
From: pauls at utdallas.edu (Paul Schmehl)
Subject: ICMP Covert channels question

--On Saturday, January 29, 2005 12:37 AM -0800 
lists-security@...tracers.com wrote:
>
> Paul Schmehl Said:
>> No, because non-routeable addresses are...well....non-routeable.
>
> But Paul, I route non-routable addresses all the time.  It is only
> internet routers that are usually configured to not route certain
> addresses.  I go into many nets where the router is attempting to send
> out 192.168's 172.'s and 10's out the external interface.  Now they don't
> get far since the ISP won't take them or just sinks them, but the routers
> will try to handle them.
>
> Some routers (plenty won't) will probably try to "return" those ICMP's to
> the internal interface, thus providing your covert channel.  Furthermore,
> you may be able to do some interesting things with the type and code
> fields to encode further information.
>
I guess it all depends if you consider configuration errors "bugs". 
Assuming a router is correctly configured, non-routeable addresses should 
never leave *or* enter a network, but of course they can be routed 
internally.

As an attacker, I would not design an exploit that *depended* upon private 
addresses being routed external to the victim's router unless I first 
verified that they were.

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu

Powered by blists - more mailing lists