LinuxQuestions.org


ddaas 10-30-2005 08:52 AM

covert channels
 
Hi there,
I found out with great interest about covert channels and covert communication some time ago, and I thought I must add this type of information to my INFOSEC knowledge.
So if someone wants to talk about covert channels from a theoretical and practical but educational perspective, he/she is welcome.

Any thoughts, links, books, tools etc ....

Until now I've studied steganography and a little about hiding info in network traffic (tcp, udp, icmp etc.)

I liked steghide (linux and windows version) and stegdetect for hiding/finding info in images and audio files.
Interesting is also hyden which embeds info in any binary file.

Covert Channel Tunnelling Testing (cctt) should also be mentioned.


I am waiting for your comments on this subject.



all the best,
ddaas

ddaas 11-01-2005 02:40 AM

I thought this would be an interesting discussion...
No Feedback?

unSpawn 11-01-2005 07:48 AM

Quote:

I thought this would be an interesting discussion...
No Feedback?


Maybe then you could break the ice with some examples and links? Maybe pose a question that has the potential to lead to a discussion? Maybe narrow the scope a bit as well. Covert channels is quite a wide topic.

primo 11-03-2005 01:20 AM

http://gray-world.net/
There's a great deal of papers & software on the subject.

ddaas 11-03-2005 02:09 AM

1) cctt (covert channel tunnelling tool) also seems a great tool for making arbitrary tcp/udp tunnels and for passing firewall rules.
2) I found it very interesting how hyden uses steganography and hides data in binary files. Your /bin/ls could carry a text file and it is guaranteed by the author (I've tested it) that the file size doesn't change a bit after the other file is embedded. The algorithm works based on the redundant instruction set of the x86. An inconvenience is that these redundant instructions are limited and the data hiding rate is only 1/110, compared with steganography in images, which has a rate of 1/17 (hidden data/cover data).
3) A nice book is http://www.syngress.com/catalog/?pid=3140 It is not very technical and is like a story, but in the end you find out how much you have learnt.
4) Other links:
http://www.sarc-wv.com/
http://www.jjtc.com/pub/r2026.pdf
http://www.fbi.gov/hq/lab/fsc/backis...research01.htm

ddaas 11-03-2005 02:36 AM

Very interesting is how a secret message could be hidden in an innocent text (or not so innocent).
http://www.spammimic.com

What other tools for creating null ciphers do you know?

ddaas 11-03-2005 03:15 AM

Quote:

I found it very interesting how hyden uses steganography
Sorry, it is hydan, not hyden - http://www.crazyboy.com/hydan/


All times are GMT -5.