lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20050129083752.D87C825C013@mail.nettracers.com>
From: lists-security at nettracers.com (lists-security@...tracers.com)
Subject: ICMP Covert channels question

 
Paul Schmehl Said:
>No, because non-routeable addresses are...well....non-routeable.  

But Paul, I route non-routable addresses all the time.  It is only internet
routers that are usually configured to not route certain addresses.  I go
into many nets where the router is attempting to send out 192.168's 172.'s
and 10's out the external interface.  Now they don't get far since the ISP
won't take them or just sinks them, but the routers will try to handle them.

Some routers (plenty won't) will probably try to "return" those ICMP's to
the internal interface, thus providing your covert channel.  Furthermore,
you may be able to do some interesting things with the type and code fields
to encode further information.  

- Bryan
- bwatson@...tracers.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ