Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-Disclosure] ICMP Covert channels question

from [cyberpixl] Network Security [Permanent Link]
Subject: Re: [Full-Disclosure] ICMP Covert channels question
Date: Sun, 30 Jan 2005 15:24:02 +0100 

No, because non-routeable addresses are...well....non-routeable.  The only
exception to this is *if* the target machine already had a session going
with 33.33.33.33 (and it would obviously be nat'd/pat'd) there is a snort
time frame within with your icmp packet would be delivered because the
firewall is still translating the address/port for that session.

Of course you have to know in advance all those variables, so, since you're
sitting right there, just pound the dern thing with a hammer and be done
with it.  :-)

Paul Schmehl (pauls@utdallas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu



Well, what i meant was what if i use the networks router as a bounce
host in order to get the packets into the network? If an icmp packet
arrives at routers wan port with a source ip of an internal host will
it send the echoreply to its lan port? I currently haven't got the
chance to test this, but i will as soon as i can. Then, in order to
receive replyes from the host behind the firewall all I'd have to do
is make it send packets to a bounce server outsede the network, like
google.com with source set to my ip (assuming then that the router
freely allows icmp traffic out of the network).
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-Disclosure] Is there a 0day vuln in this phisher's site?, Thierry Zoller
Next by Date:  Re: [Full-Disclosure] Is there a 0day vuln in this phisher's site?, morning_wood
Previous by Thread:  RE: [Full-Disclosure] ICMP Covert channels question, lists-security
Next by Thread:  Re: [Full-Disclosure] ICMP Covert channels question, Gadi Evron
Indexes:  [Date] [Thread] [Top] [All Lists]