In most cases 10/8, 192.168/16 and 172.16/12 are not routable across
the Internet, although there are some exceptions.
However, if your packet does manage to reach it the destination
network, traverse the firewall and hit it's target, you can be
reasonably certain that the response, be it a TCP SYN-ACK, an ICMP
unreachable of some sort or just an ICMP echo reply, it will quite
happily find it's way to the internal host whom you spoofed for review.
Thanks,
Darren Bounds
Intrusense LLC.
--
Intrusense - Securing Business As Usual
On Jan 28, 2005, at 5:45 PM, cyberpixl wrote:
I've been doing some research on creating covert channels using icmp
packets and a bounce server and so far everything worked fine. I can
contact my web server through a bounce server outside of my network
(like www.google.com or whatever). In my current setup both client and
target are located in the same network and comunicate through the
bounce server using icmp packets.
Now, would it be possible to access a server behind a firewall, that
normally isn't accessable, using this technique, if i'm outside of the
target network?
Assume there is a local machine (our target) with ip 192.168.0.2 that
is connected to the internet using a router 192.168.0.1/88.88.88.88
(that is not blocking icmp packets) and my machine is say,
33.33.33.33. If i then send an icmp packet to the 88.88.88.88 router
with source ip set to 192.168.0.2, would it forward that packet to the
host in its local network, or will it discard it? Is there any way to
deliver my packet to that local machine?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
