Covert Channels using IP Packet Headers

Presented at DerbyCon 1.0 (2011), Oct. 1, 2011, 6 p.m. (50 minutes)

A covert data channel is a communications channel that is hidden within the medium of a legitimate communications channel. Covert channels manipulate a communications medium in an unexpected or unconventional way in order to transmit information in an almost undetectable fashion. A covert data channel transfers arbitrary bytes between two points in a fashion that would appear legitimate to someone scrutinizing the exchange. Several IP protocols prevent opportunities for covert communications utilizing bit fields within the layer 3, layer 4, and application payload headers. Whilest cleartext communications can be readily detected, header fields that are highly random can be further subverted for symmetric encryption information exchange.

Presenters:

• Joff Thyer
  Joff Thyer is a senior network security engineer, and penetration tester for the University of North Carolina at Greensboro. His experience includes systems programming, enterprise network security engineering / architecture, packet analysis geekage, various small software development projects, and penetration testing. Joff holds a Bachelor of Science in Mathematics, and a Masters of Computer Science both from the University of North Carolina at Greensboro. Professional certifications include a GCIA-Gold, and GPEN.

Similar Presentations:

• Black Hat Europe 2015 / Hiding in Plain Sight - Advances in Malware Covert Communication Channels
• Black Hat Asia 2017 / Hello From the Other Side: SSH Over Robust Cache Covert Channels in the Cloud
• DEF CON 10 (2002) / Covert Channels in TCP and IP Headers