lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <1ede00f705013006247ad82427@mail.gmail.com> From: cyberpixl at gmail.com (cyberpixl) Subject: ICMP Covert channels question > > No, because non-routeable addresses are...well....non-routeable. The only > exception to this is *if* the target machine already had a session going > with 33.33.33.33 (and it would obviously be nat'd/pat'd) there is a snort > time frame within with your icmp packet would be delivered because the > firewall is still translating the address/port for that session. > > Of course you have to know in advance all those variables, so, since you're > sitting right there, just pound the dern thing with a hammer and be done > with it. :-) > > Paul Schmehl (pauls@...allas.edu) > Adjunct Information Security Officer > The University of Texas at Dallas > AVIEN Founding Member > http://www.utdallas.edu > Well, what i meant was what if i use the networks router as a bounce host in order to get the packets into the network? If an icmp packet arrives at routers wan port with a source ip of an internal host will it send the echoreply to its lan port? I currently haven't got the chance to test this, but i will as soon as i can. Then, in order to receive replyes from the host behind the firewall all I'd have to do is make it send packets to a bounce server outsede the network, like google.com with source set to my ip (assuming then that the router freely allows icmp traffic out of the network).
Powered by blists - more mailing lists