GRAY-WORLD.NET TEAM
Unusual firewall bypassing techniques, network and computer security.

There were doors all round the hall, but they were all locked; and when Alice had been all the way down one side and up the other, trying every door, she walked sadly down the middle, wondering how she was ever to get out again.

Lewis Carroll "Alice In Wonderland"
Alice
Chinese French Russian Spanish Polish Italian
Home | Projects | Papers | Forum | Team | Links | Contributions
 Projects 

With this Proof Of Concept tool, you can simply create an ICMP tunnel between two computers, which may be located in different networks and separated by a firewall. Skeeve utilizes ICMP packets and IP address spoofing technology to create a data channel in order to redirect TCP connections inside this channel.

Skeeve creates an ICMP tunnel which is based on the use of a Bounce server.

This method relies upon the basic IP address spoofing technology. The Client of the tunnel is trying to send a packet to the Bounce server with an address of the destination Server as a source IP. The Bounce Server can replay this packet and forward it to the destination Server. By adding some payload to the packet, we can establish a covert communication channel between two computers without direct network interaction.

Skeeve Client accepts TCP connections and works as a converter of the IP header (by changing protocol flag from TCP to ICMP echo_request|reply and making some other slight modifications). Skeeve Server is doing the reverse procedure and restores original IP header settings. Both parts are implemented in one C program as a Loadable Kernel module.

Ilya
Current Skeeve version: 1.0; README
Download | md5sum: 6fba1f136f30d695114a0b81216f9e90
http://gray-world.net/projects/skeeve/skeeve-1.0.tar.gz

Index of projects



Skeeve - is POC tool allowing to tunnel TCP connection into ICMP echo requests/reply using a spoofing method and a bounce server. [learn more]


Team member's sites: www.infosecwriters.com/ hhworld/ The Hitchhiker's World e-zine


GNU  GNU General Public License
 GNU Free Documentation License
IRC://irc.gray-world.net:6677/gray-world.net
CHANGELOG, MIRRORS, LEGAL NOTICE