
Covert Channels Drew Hintz. At A Glance Definitions Who are you? Who are “they”? A Couple Good Solutions A Couple Really Good Solutions Demo Tool.


1 Covert Channels Drew Hintz

2 At A Glance
Definitions
Who are you? Who are “they”?
A Couple Good Solutions
A Couple Really Good Solutions
Demo Tool

3 Definitions
Steganography vs. Covert Channel

4 Steganography
The art of communication through obscurity
High Tech: flipping the low two bits in a JPEG
Low Tech: shaving your head, getting a tattoo, growing your hair back

5 Covert Channel
Subcategory of stego
–Communication stream between hosts
–Sent in the open / open to eavesdropping
–Uses common Internet protocols in imaginative ways

6 Who Are You?
FUD
Trojan Horses

7 Who are “they”?
Dedicated Observer
–All portions of traffic closely monitored
–Aware of all the tricks in the book
Casual Observer
–Automated systems sifting on keywords
–Focusing mainly on payload

8 How covert is covert enough?
Semi-Covert: Fooling the Casual Observer
–Security through obscurity
–Breaks common implementation standards
–Assumes “they” won’t bother looking
Truly Covert: Fooling Everyone
–Traffic appears normal
–Does not stray from common implementation
–Will work even if “they” know the procedure used

9 Methods in General
Uses some amount of cover/permissible traffic
Sender embeds covert message in outbound traffic
Client receives traffic, retrieves message

10 A Simple Example
Dick wants to send a message to Jane
He FTPs Jane a couple of old vacation pictures
And encodes the secret formula for Coke bit by bit using the PSH flag

11 Rating a Method
Fault Tolerance
Bandwidth
Ease of Detection

12 Rating the PSH Example
Fault Tolerance
–IP Header may be rewritten by firewalls
Bandwidth
–Poor: one bit per packet
Detection
–Easy: PSH rarely used
–ENTER SNORT RULE HERE

13 Semi-Covert Channels
IP Identification Field
TCP Checksum

14 TCP Checksum
What it is:
–2 byte sum of the contents of the TCP packet
How it’s exploited:
–YOU TELL ME

15 Details of How the TCP Checksum Works

16 Rating of TCP Checksum
You tell me

17 IP Identification Field
What it is:
–2 byte number in the IP header
–Unique number assigned to each packet
–Used in reassembling fragments
How It’s Exploited:
–Straight encoding of the message into the field

18 IP ID Field Rating
Fault Tolerance
–Can get rewritten by NAT/firewalls
Bandwidth
–Good: 2 byte number on each packet
Ease of Detection
–Good, depending on sender OS
–Some OSs will increment each ID per session
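Slides 12 and 18 rate both channels as easy to detect: PSH is rarely set, and on OSs that increment the IP ID per session the values in a flow move in small steps. The following added detector (not from the talk or its demo tool) turns those two observations into per-flow heuristics over constructed packet summaries; the flow keys, IP ID values and thresholds are made up for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of (flow_key, ip_id, tcp_flags) summaries, not a real capture.
# Flow A: IP ID counts up by one, PSH set on every eighth packet (typical bulk transfer).
NORMAL_FLOW = [("10.0.0.5->10.0.0.9", 4100 + i, "A" if i % 8 else "PA") for i in range(32)]
# Flow B: IP IDs jump arbitrarily and PSH is set on most packets (constructed oddity).
ODD_IDS = [51966, 4660, 48879, 43981, 57005, 61453, 16962, 39321]
ODD_FLAGS = ["PA", "A", "PA", "PA", "A", "PA", "A", "PA"]
ODD_FLOW = [("10.0.0.7->10.0.0.9", i, f) for i, f in zip(ODD_IDS, ODD_FLAGS)]
PACKETS = NORMAL_FLOW + ODD_FLOW

def ip_id_deltas(ids):
    """Consecutive IP ID differences modulo 2^16 (the field is 16 bits and wraps)."""
    return [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]

def delta_entropy(ids):
    """Shannon entropy (bits) of the IP ID deltas in a flow.
    A per-session counter yields 0.0; values chosen to carry data approach log2(n).
    Caveat: OSs that randomise the IP ID also score high, so this is a heuristic."""
    deltas = ip_id_deltas(ids)
    if not deltas:
        return 0.0
    n = len(deltas)
    return -sum(c / n * math.log2(c / n) for c in Counter(deltas).values())

def psh_ratio(flags_list):
    """Fraction of packets in the flow with the PSH flag set."""
    return sum("P" in f for f in flags_list) / len(flags_list)

def score_flows(packets, entropy_threshold=2.0, psh_threshold=0.5, min_packets=8):
    """Group packets by flow and flag flows whose IP ID or PSH behaviour is unusual."""
    flows = defaultdict(list)
    for key, ip_id, flags in packets:
        flows[key].append((ip_id, flags))
    report = {}
    for key, pkts in flows.items():
        if len(pkts) < min_packets:  # too few packets to judge
            continue
        ent = delta_entropy([p[0] for p in pkts])
        psh = psh_ratio([p[1] for p in pkts])
        reasons = []
        if ent > entropy_threshold:
            reasons.append("ip_id_nonsequential")
        if psh > psh_threshold:
            reasons.append("psh_overused")
        report[key] = {"ip_id_delta_entropy": round(ent, 2), "psh_ratio": round(psh, 2), "reasons": reasons}
    return report

if __name__ == "__main__":
    for flow, verdict in score_flows(PACKETS).items():
        print(flow, verdict)
```

Thresholds should be calibrated per sender OS, since a host that randomises IP IDs will look "nonsequential" on every flow.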

19 Covert Channels
TCP Timestamp
ISN Field
Method Addon: ISN Bounce

