September 28, 2003

Creating Covert Network Comms

If you have ever attended any lectures I have given on the powers of covert communications on networks, you might have heard me talk about my dynamic door opener, which I wrote to let me open a "window" of time on a server's firewall so I can connect from unknown foreign hosts that may not be trusted. It works quite well, and I have used it for years on different machines around the world. Basically I can send a sequence of specially crafted ICMP messages (thank heavens for switches on ping like -p) to a network segment, and my back door will see it and create an ipchains/ipfw firewall rule to allow that host to connect and authenticate with SSH for 30 seconds. Once the 30 seconds are up, the firewall patches itself and the existing SSH tunnel will stay active, with me connected (assuming the firewall will still allow existing ports to stay open after the reset).

Well, it took some time to write that way back when in C (we are talking years ago, when ipfwadm was just reaching its peak), and I must admit it was/is a bitch to maintain as firewalls become more complex. Quite frankly I haven't looked at the code in some time, and never ported it to Linux's iptables.

Well, I found an interesting set of articles that take a different approach using fake DNS lookups. Hacking Linux Exposed has released a three-part series (well, actually it's 5 parts, but only three are useful to you) discussing how to use Net::Pcap to sniff for certain packets, run a program based on those packets, and then send commands to that program. And it is even updated to use iptables! You can read each part of the series to understand what I am talking about:
It's a good read, and includes some Perl scripts to make your life easy. If you feel you want to build covert channels to your machines, this may be the article you need. You could even use these articles as a base to create remote execution code sequences (like sending a crafted packet to start an automated penetration test from the server to the network you might currently be on) or extend it to do evil like DDoS attacks based on incoming packet sequence. YMMV. Use it responsibly please! Have fun!

Posted by SilverStr at September 28, 2003 12:32 AM
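As an added illustration of the knock-and-open mechanism the post describes (this is not SilverStr's C daemon nor the Hacking Linux Exposed Perl scripts), here is the core logic in Python: parse an ICMP echo request, track a constructed two-pattern knock sequence per source host, and emit the iptables commands that open a host's SSH window and close it again after 30 seconds. Packet capture is left out; frames are built in-process and the commands are returned as strings rather than run.

```python
import struct

# Constructed for this example: two payload patterns that must arrive in order,
# the kind of thing `ping -p deadbeef` followed by `ping -p cafef00d` would carry.
KNOCK_SEQUENCE = [bytes.fromhex("deadbeef"), bytes.fromhex("cafef00d")]
WINDOW_SECONDS = 30
SSH_PORT = 22

def parse_icmp_echo(frame):
    """Return (src_ip, payload) for an IPv4 ICMP echo request, else None."""
    ihl = (frame[0] & 0x0F) * 4 if frame else 0          # IP header length in bytes
    if len(frame) < max(ihl, 20) + 8 or frame[9] != 1 or frame[ihl] != 8:
        return None   # too short, not ICMP (protocol 1), or not an echo request (type 8)
    src_ip = ".".join(str(b) for b in frame[12:16])
    return src_ip, frame[ihl + 8:]                        # payload follows the 8-byte ICMP header

def ssh_rule(flag, ip):
    """Firewall command for one source; -I opens the door, -D closes it again."""
    return f"iptables {flag} INPUT -p tcp -s {ip} --dport {SSH_PORT} -j ACCEPT"

class KnockDaemon:
    """Tracks each source's progress through the knock and its open 30-second window."""
    def __init__(self):
        self.progress = {}    # src_ip -> index of the next expected pattern
        self.open_until = {}  # src_ip -> time at which the allow rule is removed
    def handle(self, frame, now):
        """Return the firewall commands this frame triggers (strings, never executed here)."""
        cmds = []
        for ip in [ip for ip, t in self.open_until.items() if t <= now]:
            del self.open_until[ip]                      # window expired: close the door
            cmds.append(ssh_rule("-D", ip))
        parsed = parse_icmp_echo(frame)
        if parsed is None:
            return cmds
        src_ip, payload = parsed
        step = self.progress.get(src_ip, 0)
        step = step + 1 if KNOCK_SEQUENCE[step] in payload else 0   # a wrong knock resets
        if step == len(KNOCK_SEQUENCE):
            if src_ip not in self.open_until:            # full sequence seen: open the door
                self.open_until[src_ip] = now + WINDOW_SECONDS
                cmds.append(ssh_rule("-I", src_ip))
            step = 0
        self.progress[src_ip] = step
        return cmds

def build_echo_request(src_ip, payload):
    """Constructed test frame: minimal IPv4 + ICMP echo headers, checksums left zero."""
    src = bytes(int(x) for x in src_ip.split("."))
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, 1, 0, src, bytes([10, 0, 0, 1]))
    return ip_hdr + struct.pack("!BBHHH", 8, 0, 0, 1, 1) + payload
```

Deleting the allow rule only stops new connections; the live SSH session survives the close only if an earlier rule such as `iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT` sits ahead of it, which is exactly the assumption the post makes about the firewall keeping existing ports open.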