From: cyberpixl at gmail.com (cyberpixl)
Subject: ICMP Covert channels question

> 
> No, because non-routeable addresses are...well....non-routeable.  The only
> exception to this is *if* the target machine already had a session going
> with 33.33.33.33 (and it would obviously be nat'd/pat'd) there is a short
> time frame within which your icmp packet would be delivered because the
> firewall is still translating the address/port for that session.
> 
> Of course you have to know in advance all those variables, so, since you're
> sitting right there, just pound the dern thing with a hammer and be done
> with it.  :-)
> 
> Paul Schmehl (pauls@...allas.edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> AVIEN Founding Member
> http://www.utdallas.edu
> 

Well, what I meant was what if I use the network's router as a bounce
host in order to get the packets into the network? If an ICMP packet
arrives at the router's WAN port with a source IP of an internal host, will
it send the echo reply to its LAN port? I currently haven't got the
chance to test this, but I will as soon as I can. Then, in order to
receive replies from the host behind the firewall all I'd have to do
is make it send packets to a bounce server outside the network, like
google.com, with source set to my IP (assuming then that the router
freely allows ICMP traffic out of the network).
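
Added example, not part of the original message: a defender-side sketch of the source-address check a router or firewall can apply on each interface, which is what decides both cases asked about above (an internal source arriving on the WAN port, and a foreign source leaving from the LAN). The LAN prefix, the function names and the sample packets are all constructed for illustration.

```python
import ipaddress

# Assumption: the internal prefix behind the router (constructed value).
LAN_NET = ipaddress.ip_network("192.168.1.0/24")

# Source ranges that should never arrive from the Internet side.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                  # loopback, link-local
)]

def check_packet(in_iface, src, lan_net=LAN_NET):
    """Return (verdict, reason) for a packet received on 'wan' or 'lan'."""
    addr = ipaddress.ip_address(src)
    if in_iface == "wan":
        # Ingress filtering: nothing on the outside may claim an inside address.
        if addr in lan_net:
            return ("drop", "internal source arriving on WAN (spoofed)")
        if any(addr in net for net in BOGON_NETS):
            return ("drop", "private/reserved source arriving on WAN")
        return ("pass", "plausible external source")
    if in_iface == "lan":
        # Egress filtering: inside hosts may only send from the LAN prefix.
        if addr not in lan_net:
            return ("drop", "source outside LAN prefix leaving the network")
        return ("pass", "source belongs to LAN")
    raise ValueError(f"unknown interface: {in_iface}")

# Constructed sample traffic: (receiving interface, source IP, description).
SAMPLE = [
    ("wan", "192.168.1.20", "icmp echo-request"),  # claims to be an inside host
    ("wan", "198.51.100.7", "icmp echo-request"),  # ordinary outside host
    ("lan", "192.168.1.20", "icmp echo-request"),  # ordinary inside host
    ("lan", "203.0.113.9",  "icmp echo-request"),  # inside host forging source
]

def audit(packets):
    """Apply check_packet to every sample row and keep the verdicts."""
    return [(iface, src, *check_packet(iface, src)) for iface, src, _ in packets]

if __name__ == "__main__":
    for iface, src, verdict, reason in audit(SAMPLE):
        print(f"{iface:3} {src:15} {verdict:4} {reason}")
```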
