Covert Channels using IP Packet Headers

Presented at DerbyCon 1.0 (2011), Oct. 1, 2011, 6 p.m. (50 minutes).

A covert data channel is a communications channel that is hidden within the medium of a legitimate communications channel. Covert channels manipulate a communications medium in an unexpected or unconventional way in order to transmit information in an almost undetectable fashion. A covert data channel transfers arbitrary bytes between two points in a fashion that would appear legitimate to someone scrutinizing the exchange. Several IP protocols present opportunities for covert communications utilizing bit fields within the layer 3, layer 4, and application payload headers. Whilst cleartext communications can be readily detected, header fields that are highly random can be further subverted to exchange symmetrically encrypted information.


Presenters:

  • Joff Thyer
    Joff Thyer is a senior network security engineer and penetration tester for the University of North Carolina at Greensboro. His experience includes systems programming, enterprise network security engineering / architecture, packet analysis geekage, various small software development projects, and penetration testing. Joff holds a Bachelor of Science in Mathematics and a Master's in Computer Science, both from the University of North Carolina at Greensboro. Professional certifications include GCIA-Gold and GPEN.
