- http://www.psionic.com/papers/covert
- Uses TCP and IP headers to create covert channels
- Data can be hidden in various fields
  - IP Identification field
    - One character embedded per packet
  - TCP sequence number
    - One character embedded per SYN request and Reset packets
  - TCP acknowledgement number
    - One hidden character per packet is relayed by a “bounce” server
- Can send data over any TCP source/destination ports
  - Can bypass a firewall if ports such as 25 or 53 are used
Covert_TCP
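A detection sketch for the IP Identification channel listed above, added here as an example and not taken from the original slides or from the Covert_TCP tool. It assumes the hidden character occupies one byte of the 16-bit ID with the other byte zero (the slides only say one character per packet); the threshold, helper names and documentation-range addresses are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

MIN_PACKETS = 4  # assumed threshold: shorter runs are too likely to be chance


def parse_ipv4(packet: bytes):
    """Return (source address, IP Identification) from a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ident = struct.unpack_from("!H", packet, 4)[0]
    return socket.inet_ntoa(packet[12:16]), ident


def looks_like_char(ident: int) -> bool:
    """True if the 16-bit ID is one printable ASCII byte with the other byte zero."""
    hi, lo = ident >> 8, ident & 0xFF
    carried = hi if lo == 0 else lo if hi == 0 else None
    return carried is not None and (32 <= carried < 127 or carried in (9, 10, 13))


def suspicious_sources(packets, min_packets=MIN_PACKETS):
    """Flag sources whose every observed IP ID fits the one-character pattern."""
    ids = defaultdict(list)
    for pkt in packets:
        src, ident = parse_ipv4(pkt)
        ids[src].append(ident)
    return sorted(src for src, seen in ids.items()
                  if len(seen) >= min_packets and all(map(looks_like_char, seen)))


def build_packet(src: str, ident: int) -> bytes:
    """Constructed test input: minimal IPv4 header (checksum left 0) + empty TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ident, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton("192.0.2.1"))
    return ip + bytes(20)


# Constructed sample: 198.51.100.7 behaves like an ordinary incrementing counter,
# 203.0.113.9 sends IDs whose high byte is always a printable character.
SAMPLE = [build_packet("198.51.100.7", 41200 + i) for i in range(6)] + \
         [build_packet("203.0.113.9", ord(c) << 8) for c in "sample"]

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE))
```

Ordinary stacks spread IP IDs across the full 16-bit range, so a source whose IDs all collapse to a single printable byte stands out; the same per-source grouping can be applied to initial sequence numbers on SYN packets.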