PS3. Add Redundancy Pattern (also P3)


Initial publication S. Wendzel, S. Zander, B. Fechner, C. Herdin in [1]
Illustration The covert channel creates new space within a given header element or within a PDU to hide data into.
Context Network Covert Storage Channels → Modification of Non-Payload → Structure Modifying
Evidence Z. Trabelsi and I. Jawhar. 2010. Covert File Transfer Protocol Based on The IP Record Route Option. Journal
of Information Assurance and Security (JIAS) 5, 1 (2010).

T. Graf. 2003. Messaging over IPv6 Destination Options. (2003). http://gray-world.net/papers/messip6.txt,
retrieved: December 2013.

A. Getchell. 2008. RE: For those interested in covert channels. (2008). A posting on the securityfocus penetration testing mailinglist, http://www.securityfocus.com/archive/101/499640, retrieved: December 2013.

For further evidence entries cf. [1].
Implementation
  • CCEAP
  • This tool by Binni Shah adds additional option(s) to the TCP header to carry covert data (good explanation is available).
  • C. Heinz: TLSCC (University of Hagen)

References:
[1] S. Wendzel, S. Zander, B. Fechner, C. Herdin: Pattern-based Survey and Categorization of Network Covert Channel Techniques, ACM Computing Surveys, Vol. 47, Issue 3, pp. 50:1-26, ACM, 2015.
An early version of the article is available here: download.

Keine Kommentare:

Kommentar veröffentlichen

Abonnieren Posts (Atom)