Mike Switlick. Overview What is a covert channel? Storage / Timing Requirements Bunratty attack Covert_tcp Questions.

Presentation transcript:

Mike Switlick

Overview
- What is a covert channel?
- Storage / Timing
- Requirements
- Bunratty attack
- Covert_tcp
- Questions

What is a covert channel?
- Any communications channel that can be exploited by a process to transfer information in a manner that violates the system security policy.
- A method of communication that is not part of the actual system design but can be used to transfer information to outside sources.

Takes advantage of global variables such as:
- the Linux kernel variable used to track disk reads
- the TCP initial sequence number field used to track TCP/IP communications
- CPU cycles
If you can signal or store a bit in it, it can be used to leak illicit data.

Types of Covert Channels

Storage
- a shared resource or system variable that can be used to transfer info from a stored data source (encoded into a global variable)
- altered by a system call (operating-system level), a programming function method (executable level), or an application (user level)
- a storage channel is only realized if the variable can be viewed or referenced by another process (and the enclosed data decoded)
- the most popular type

Example
If a global variable is the file lock attribute of a file:
- lock on signals a 1
- unlocked signals a 0
This uses a pseudo binary code.

Example (diagram): a sender and a receiver communicating through a kernel variable of trusted software.

Timing channel
- uses timing or ordering relationships to shared resources as the global variable
- bits and bytes are signaled (not stored) by timed or ordered processes to a shared resource such as a CPU
- requires cooperation between sender and receiver using a clock

Timing
The receiver monitors the amount of time that the sender runs a process:
- if it runs for more than 10 sec, it signals a 1
- if it runs for less than 10 sec, it signals a 0

Noiseless covert channel
The sender and receiver are able to communicate using a channel that is exclusive to them.

Noisy covert channel
The sender and receiver communicate on a channel that isn't exclusive to them.
- harder to use due to other traffic that creates noise

Covert requirements
- sender and receiver have the potential to communicate
- an existing global variable accessible by both
- the sender is able to alter the global variable
- the alteration is detectable by the receiver
- both are able to synchronize their operation

Internet protocol exploitation
- use the transport and network layers as a covert channel
- less noise than file attributes or CPU cycles
- too many protocol variations to list
- TCP/IP gives preference to the preceding fragment when reassembling data

Bunratty Attack
An application-layer covert channel that takes advantage of the Microsoft Messaging API (MAPI).
- features and capabilities built into the MAPI client, the Exchange Inbox
- users have access to a message store of Personal Folders containing Inbox, Outbox, etc., which users see as the root
- Personal Folders is one of several root-level folders; the others are not visible

Bunratty attack (diagram of the MAPI message store)
- root, not visible: Secret msgs, MAPISP, Search root, FreeBusy data, Top of Personal Folders
- visible to the user, under Top of Personal Folders: Inbox, Calendar, Outbox, Sent Items, Projects

Secret Messages
- software can be written to create secret messages in a hidden folder in the root-level directory
- it modifies the routing table so MSG.secret goes to the secret messages folder and doesn't pass through the Inbox first
- messages can contain commands to gain remote control of the system, read data, etc.
- like except almost invisible to the end user

Covert_tcp
Transport and network layers. Uses fields in the TCP/IP header as global variables to transmit ASCII data:
- IP packet ID field
- TCP initial sequence number field
- TCP acknowledged sequence number field

Covert_tcp
- these fields are less likely to be altered by perimeter devices or software like packet filters
- not seriously affected by network or system operations
- hides content while masquerading as a packet in an initial connection request or an established connection

Covert_tcp
- the fields are not meant to carry bytes; they usually keep track of state, which only requires a few bits
- transfers data one ASCII character at a time per packet
- the receiver parses the IP ID to obtain the value, then divides the value by 256 to obtain the ASCII value

Packet one: 18:50: nextime.getreal.com 7180> vlast.getreal.com.www: S : (0) win 512 (ttl 64, id 18432)
Decoding… (ttl 64, id 18432/256) gives ASCII 72 (H)

Packet two: 18:50: nextime.getreal.com 7180> vlast.getreal.com.www: S : (0) win 512 (ttl 64, id 17664)
Decoding… (ttl 64, id 17664/256) gives ASCII 69 (E)

Packet three: 18:50: nextime.getreal.com 7180> vlast.getreal.com.www: S : (0) win 512 (ttl 64, id 19456)
Decoding… (ttl 64, id 19456/256) gives ASCII 76 (L)

Packet four: 18:50: nextime.getreal.com 7180> vlast.getreal.com.www: S : (0) win 512 (ttl 64, id 19456)
Decoding… (ttl 64, id 19456/256) gives ASCII 76 (L)

Packet five: 18:50: nextime.getreal.com 7180> vlast.getreal.com.www: S : (0) win 512 (ttl 64, id 19456)
Decoding… (ttl 64, id 19456/256) gives ASCII 79 (O)

Packet six: 18:50: nextime.getreal.com 7180> vlast.getreal.com.www: S : (0) win 512 (ttl 64, id 2560)
Decoding… (ttl 64, id 2560/256) gives ASCII 10 (carriage return)
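The IP ID decoding walked through above, and the defender-side check it suggests, as an added example that is not part of the original slides or of the covert_tcp tool: a parser for tcpdump-style lines, the id/256 decoder, and a heuristic that flags a source whose SYNs all carry IDs that are exact multiples of 256 with a printable quotient. The trace is constructed here; hostnames, timestamps and the extra packet are illustrative.

```python
import re

# Constructed tcpdump-style trace modelled on the slide's packet listing.
# The six covert packets carry IP IDs equal to 256 * ord(c) for c in "HELLO\n";
# the last line is an unrelated SYN with an ordinary, non-encoded IP ID.
SAMPLE_TRACE = """\
18:50:01 nextime.getreal.com.7180 > vlast.getreal.com.www: S win 512 (ttl 64, id 18432)
18:50:02 nextime.getreal.com.7180 > vlast.getreal.com.www: S win 512 (ttl 64, id 17664)
18:50:03 nextime.getreal.com.7180 > vlast.getreal.com.www: S win 512 (ttl 64, id 19456)
18:50:04 nextime.getreal.com.7180 > vlast.getreal.com.www: S win 512 (ttl 64, id 19456)
18:50:05 nextime.getreal.com.7180 > vlast.getreal.com.www: S win 512 (ttl 64, id 20224)
18:50:06 nextime.getreal.com.7180 > vlast.getreal.com.www: S win 512 (ttl 64, id 2560)
18:50:07 other.example.net.40000 > vlast.getreal.com.www: S win 512 (ttl 64, id 41233)
"""

LINE_RE = re.compile(r"^\S+ (?P<src>\S+) > \S+: .*\(ttl \d+, id (?P<id>\d+)\)$")

def parse_trace(trace):
    """Return (source, ip_id) pairs for every packet line in the trace, in order."""
    out = []
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if m:
            out.append((m.group("src"), int(m.group("id"))))
    return out

def decode_ids(ids):
    """covert_tcp decoding as on the slides: one character per packet, ASCII = id // 256."""
    return "".join(chr(i // 256) for i in ids)

def looks_encoded(ip_id):
    """An encoded ID is an exact multiple of 256 whose quotient is printable ASCII or a line break."""
    if ip_id % 256:
        return False
    c = ip_id // 256
    return c in (10, 13) or 32 <= c <= 126

def flag_sources(trace, min_run=4):
    """Detection heuristic: an ordinary IP ID is a multiple of 256 about once in 256 packets,
    so a source whose SYNs all carry encoded-looking IDs over several packets deserves a look.
    Returns {source: decoded_text} for every flagged source."""
    per_src = {}
    for src, ip_id in parse_trace(trace):
        per_src.setdefault(src, []).append(ip_id)
    flagged = {}
    for src, ids in per_src.items():
        if len(ids) >= min_run and all(looks_encoded(i) for i in ids):
            flagged[src] = decode_ids(ids)
    return flagged
```

Note that ASCII 10 decodes to a line feed, which Python renders as "\n"; a host that randomizes IP IDs will rarely trip this heuristic, while a host that increments them sequentially can produce a single false hit, which is why the check asks for a run.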

Questions?