Unusual firewall bypassing techniques, network and computer security.

After a while, finding that nothing more happened, she decided on going into the garden at once; but, alas for poor Alice! when she got to the door, she found she had forgotten the little golden key, and when she went back to the table for it, she found she could not possibly reach it: she could see it quite plainly through the glass, and she tried her best to climb up one of the legs of the table, but it was too slippery; and when she had tired herself out with trying, the poor little thing sat down and cried.

Lewis Carroll "Alice In Wonderland"

Our papers

[September 2007] g00gle CrewBots -Matteo Memelli; [plain text]

[September 2006] How to cook a covert channel; -Team GW; [plain text] [Hakin9 pdf]

[October 2005] Covert channels through the looking glass; -Team GW; [plain text]

[March 2004] Reverse Tunneling Techniques: theoretical requirements for the GW implementation; -Jeremian; [plain text]

[January 2004] A Forensic Analysis : HTTP Protocol; -Alex Dyatlov; [html]

[July 2003] Covert Channel and Tunneling over the HTTP protocol Detection : GW implementation theoretical design; -Simon Castro; [plain text], [html]

[July 2003] Exploitation des flux autorisés par un système de contrôle d'accès réseau pour un transfert de données arbitraires : Tunneling et canaux cachés au sein du protocole HTTP (French version); -Alex Dyatlov, Simon Castro; [plain text], [html]

[June 2003] Exploitation of data streams authorized by a network access control system for arbitrary data transfers : tunneling and covert channels over the HTTP protocol; -Alex Dyatlov, Simon Castro; [plain text], [html]

Covert Channels in computer networks papers resources

The home of Sebastian Zander at the Centre for Advanced Internet Architectures :

Network Access Control System bypassing and Covert Channels theory

Tools related to the papers below are mirrored locally. These tools are copy[right|left]ed by their authors :). We do not guarantee that these programs work properly or that they are free of security holes.

A Discussion of Covert Channels and Steganography (2002) -Mark Owens
A Guide to Understanding Covert Channel Analysis of Trusted Systems (1993) -National Computer Security Center
A Network Pump (1996) -M.H. Kang, I.S. Moskowitz, D.C. Lee
A Note on the Confinement Problem (1973) -Butler W. Lampson
A Pump for Rapid, Reliable, Secure Communication (1993) -M.H. Kang, I.S. Moskowitz
ACK Tunneling Trojans -Arne Vidstrom
Adaptation and Performance of Covert Channels in Dynamic Source Routing (2003) -M. Marone
Ambiguities in TCP/IP - firewall bypassing (2002) -Paul Starzetz
Architectural Implications of Covert Channels (1992) -Norman E. Proctor and Peter G. Neumann Computer Science Lab
An Evaluation Framework for the Analysis of Covert Channels in the TCP/IP protocol suite (2005) -Llamas D., Allison C., Miller A.
Application Layer Covert Channel Analysis and Detection (2006) -Zbigniew Kwecka
Bypassing Firewalls: Tools and Techniques (2002) -Jake Hill
Caracterisation des canaux caches en logique temporelle alternante (Rapport de stage Master) (2005) [fr] -Aldric Degorre
Chaffing and Winnowing: Confidentiality without Encryption (1998) -Ronald L. Rivest MIT Lab for Computer Science
Covert Channel Analysis (1995) -John McHugh
Covert Channel Analysis and Data Hiding in TCP/IP (2002) -Kamran Ahsan
Covert Channel Analysis and Detection with Reverse Proxy Servers using Microsoft Windows (2004) -Llamas D., Allison C., Miller A.
Covert Channel Analysis in TCP/IP networks (2007) -Allix P.
Covert channels and anonymizing networks (2003) -Ira S. Moskowitz, R.E. Newman, D.P. Crepeau, A.R. Miller
Covert channels detection in protocols using scenarios (2003) -L. Helouet, C. Jard, M. Zeitoun
Covert Channels for Collusion in Online Computer Games (2004) -S.J. Murdoch, P. Zielinski
Covert Channels Here to Stay? (1994) -Ira S. Moskowitz, Myong H. Kang
Covert Channels in Internet Protocols: A Survey (2005) -Llamas D., Allison C., Miller A.
Covert Channels in TCP/IP Headers (2002) -Drew Hintz
Covert Channels in the TCP/IP Protocol Suite (1996) -Craig H. Rowland
Covert Shells (2002) -J. Christian Smith
Covertly bypassing the Firewall -Lordloki
Data Exfiltration and Covert Channels (2006) -A. Giani, V.H. Berk, G.V. Cybenko
Data Hiding in Identification and Offset IP Fields (2005) -E. Cauich, R. Gomez Cardenas, R. Watanabe
Detecting NUSHU Covert Channels Using Neural Networks (2005) -E. Tumoian, M. Anikeev
Detection of Covert Channel Encoding in Network Packet Delays (2005) -V. Berk, A. Giani, G. Cybenko
Detecting HTTP Tunneling Activities (2002) -D.J. Pack, W. Streilein, S. Webster, R. Cunningham
The Dining Freemasons (2005) -M. Bond, G. Danezis
Discussion of a Statistical Channel (1994) -Ira S. Moskowitz, Myong H. Kang
DNS Tunnel - through bastion hosts (1998) -Oskar Pearson
Eliminating Steganography in Internet Traffic with Active Wardens (2002) -G. Fisk, M. Fisk, C. Papadopoulos, J. Neil
Embedding Covert Channels into TCP/IP (2005) -S.J. Murdoch, S. Lewis
Eraser: An Exploit-Specific Monitor to Prevent Malicious Communication Channel (2004) -A. Singh
Establishing Big Brother using covert channels and other covert techniques (1997) -Y. Desmedt
HICCUPS: Hidden Communication System for Corrupted Networks (2003) -K. Szczypiorski
Quantifying Information Flow (2002) -Gavin Lowe
Information Hiding - a Survey (1999) -Fabien A. P. Petitcolas, Ross J. Anderson, Markus G. Kuhn - Proceedings of the IEEE
Infranet: Circumventing Web Censorship and Surveillance (2002) -Nick Feamster, Magdalena Balazinska, Greg Harfst, Hari Balakrishnan, David Karger MIT Laboratory for Computer Science
IP Checksum Covert Channels and Selected Hash Collision (2001) -Christopher Abad
IP covert timing channels: design and detection (2004) -S. Cabuk, C. E. Brodley, C. Shields
Keyboards and Covert Channels - JitterBugs [ext] (2006) -G. Shah, A. Molina and M. Blaze
Legitimate Sites as Covert Channels -Errno Jones
Malicious ICMP Tunneling: Defense Against the Vulnerability [icmp_mon.tar.gz] (2003) -A. Singh, O. Nordstrom, C. Lu, A. L M dos Santos
Messaging over IPv6 Destination Options [j6p.tar.bz2] (2003) -Thomas Graf
New Constructive Approach to Covert Channel Modeling and Channel Capacity Estimation (2005) -Z. Wang, R. Lee
New covert channels in HTTP: adding unwitting Web browsers to anonymity sets (2003) -M. Bauer
Placing Backdoors Through Firewalls [rwwwshell-2.0.tar.gz] -van Hauser / THC
Practical Data Hiding in TCP/IP (2002) -K. Ahsan, D. Kundur
Project Loki (1996) -daemon9 for Phrack Magazine
Project Loki 2 (1997) -daemon9 for Phrack magazine
Protocol Hopping Covert Channels (2007) -S. Wendzel
The Implementation of Passive Covert Channels in the Linux Kernel [nushu.tar.gz] (2004) -Joanna Rutkowska for CCC 2004
The Pump: A Decade of Covert Fun (2005) -M.H. Kang, I.S. Moskowitz, S. Chincheck
Quasi-Anonymous Channels (2003) -I. Moskowitz, R. Newman, P. Syverson
Research Report: Covert Channels 2005/2006 (2006) -M. Smeets, M. Koot
Real-Time Steganography with RTP (2007) -I)ruid
Rootshell with icmp_rcv() Hooking -sedn4[at]
The b2/c3 problem: how big buffers overcome covert channel cynicism in trusted database systems (1994) -J. McDermott
Sistema de deteccao de backdoors e canais dissimulados (2005) -C.H. P.C. Chaves, A. Montes
Using Spam As A Vector Of Back Door Communication (2003) -Vision Through Sound
Scenarios and Covert channels: another game... (2004) -L. Helouet, M. Zeitoun, A. Degorre
Simple Timing Channels (1994) -Ira S. Moskowitz, Allen R. Miller
Stealth Attack Against Personal Firewalls (2002) -Brian McWilliams for Newsbytes
Syntax and Semantics-Preserving Application-Layer Protocol Steganography (2004) -N. Lucena, J. Pease, P. Yadollahpour, S. J. Chapin
Thinking About Firewalls -Marcus J. Ranum
Web Tap : Detecting Covert Web Traffic (2004) -K. Borders, A. Prakash
~Whispers On The Wire~ Network Based Covert Channels Exploitation & Detection -Pukhraj Singh
XSS Tunneling (2007) -Ferruh Mavituna

Security and Computer systems

The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments (1998) -Peter A. Loscocco, Stephen D. Smalley, Patrick A. Muckelbauer, Ruth C. Taylor, S. Jeff Turner, John F. Farrell
Department of Defense Trusted Computer System Evaluation Criteria - 5200.28-STD (1985) - DoD standard
Extension to 5200.28-STD to trusted network systems and components. (1987) - National Computer Security Center


RFC 2109 : HTTP State Management Mechanism (1997)
RFC 2616 : Hypertext Transfer Protocol -- HTTP/1.1 (1999)
RFC 3093 : Firewall Enhancement Protocol (FEP) (2001)

MsnShell is a covert channel tunneling tool that allows remote control of a Linux computer through the MSN protocol.


GNU General Public License
GNU Free Documentation License