Unusual firewall bypassing techniques, network and computer security.

Either the well was very deep, or she fell very slowly, for she had plenty of time as she went down to look about her and to wonder what was going to happen next. First, she tried to look down and make out what she was coming to, but it was too dark to see anything; then she looked at the sides of the well, and noticed that they were filled with cupboards and book-shelves;

Lewis Carroll "Alice In Wonderland"

Our papers

[September 2006] How to cook a covert channel; -Team GW; [plain text] [Hakin9 pdf]

[October 2005] Covert channels through the looking glass; -Team GW; [plain text]

[March 2004] Reverse Tunneling Techniques: theoretical requirements for the GW implementation; -Jeremian; [plain text]

[January 2004] A Forensic Analysis : HTTP Protocol; -Alex Dyatlov; [html]

[July 2003] Covert Channel and Tunneling over the HTTP protocol Detection : GW implementation theoretical design; -Simon Castro; [plain text], [html]

[July 2003] Exploitation des flux autorisés par un système de contrôle d'accès réseau pour un transfert de données arbitraires : Tunneling et canaux cachés au sein du protocole HTTP - Version Française; -Alex Dyatlov, Simon Castro; [plain text], [html]

[June 2003] Exploitation of data streams authorized by a network access control system for arbitrary data transfers : tunneling and covert channels over the HTTP protocol; -Alex Dyatlov, Simon Castro; [plain text], [html]

Network Access Control System bypassing and Covert Channels theory

Tools related to the following papers are mirrored locally. These tools are copy[right|left]ed by their authors :). We do not guarantee that these programs work properly or that they are free of security holes.

ACK Tunneling Trojans -Arne Vidstrom
Covertly bypassing the Firewall -Lordloki
Legitimate Sites as Covert Channels -Errno Jones
Placing Backdoors Through Firewalls [rwwwshell-2.0.tar.gz] -van Hauser / THC
Rootshell with icmp_rcv() Hooking -sedn4[at]
Thinking About Firewalls -Marcus J. Ranum
~Whispers On The Wire~ Network Based Covert Channels Exploitation & Detection -Pukhraj Singh

A Note on the Confinement Problem (1973) -Butler W. Lampson

Architectural Implications of Covert Channels (1992) -Norman E. Proctor and Peter G. Neumann Computer Science Lab

A Guide to Understanding Covert Channel Analysis of Trusted Systems (1993) -National Computer Security Center
A Pump for Rapid, Reliable, Secure Communication (1993) -M.H. Kang, I.S. Moskowitz

Covert Channels Here to Stay? (1994) -Ira S. Moskowitz, Myong H. Kang
Discussion of a Statistical Channel (1994) -Ira S. Moskowitz, Myong H. Kang
The b2/c3 problem: how big buffers overcome covert channel cynicism in trusted database systems (1994) -J. McDermott
Simple Timing Channels (1994) -Ira S. Moskowitz, Allen R. Miller

Covert Channel Analysis (1995) -John McHugh

A Network Pump (1996) -M.H. Kang, I.S. Moskowitz, D.C. Lee
Covert Channels in the TCP/IP Protocol Suite (1996) -Craig H. Rowland
Project Loki (1996) -daemon9 for Phrack Magazine

Establishing Big Brother using covert channels and other covert techniques (1997) -Y. Desmedt
Project Loki 2 (1997) -daemon9 for Phrack magazine

Chaffing and Winnowing: Confidentiality without Encryption (1998) -Ronald L. Rivest MIT Lab for Computer Science
DNS Tunnel - through bastion hosts (1998) -Oskar Pearson

Information Hiding - a Survey (1999) -F.A.P. Petitcolas, R.J. Anderson, M.G. Kuhn - Proceedings of the IEEE

IP Checksum Covert Channels and Selected Hash Collision (2001) -Christopher Abad

A Discussion of Covert Channels and Steganography (2002) -Mark Owens
Ambiguities in TCP/IP - firewall bypassing (2002) -Paul Starzetz
Bypassing Firewalls: Tools and Techniques (2002) -Jake Hill
Covert Channel Analysis and Data Hiding in TCP/IP (2002) -Kamran Ahsan
Covert Channels in TCP/IP Headers (2002) -Drew Hintz
Covert Shells (2002) -J. Christian Smith
Detecting HTTP Tunneling Activities (2002) -D.J. Pack, W. Streilein, S. Webster, R. Cunningham
Eliminating Steganography in Internet Traffic with Active Wardens (2002) -G. Fisk, M. Fisk, C. Papadopoulos, J. Neil
Quantifying Information Flow (2002) -Gavin Lowe
Infranet: Circumventing Web Censorship and Surveillance (2002) -N. Feamster, M. Balazinska, G. Harfst, H. Balakrishnan, D. Karger MIT Laboratory for Computer Science
Practical Data Hiding in TCP/IP (2002) -K. Ahsan, D. Kundur
Stealth Attack Against Personal Firewalls (2002) -Brian McWilliams for Newsbytes

Adaptation and Performance of Covert Channels in Dynamic Source Routing (2003) -M. Marone
Covert channels and anonymizing networks (2003) -Ira S. Moskowitz, R.E. Newman, D.P. Crepeau, A.R. Miller
Covert channels detection in protocols using scenarios (2003) -L. Helouet, C. Jard, M. Zeitoun
HICCUPS: Hidden Communication System for Corrupted Networks (2003) -K. Szczypiorski
Malicious ICMP Tunneling : Defense Against the Vulnerability [icmp_mon.tar.gz] (2003) -A. Singh, O. Nordstrom, C. Lu, A. L M dos Santos
Messaging over IPv6 Destination Options [j6p.tar.bz2] (2003) -Thomas Graf
New covert channels in HTTP: adding unwitting Web browsers to anonymity sets (2003) -M. Bauer
Quasi-Anonymous Channels (2003) -I. Moskowitz, R. Newman, P. Syverson
Using Spam As A Vector Of Back Door Communication (2003) -Vision Through Sound

Covert Channel Analysis and Detection with Reverse Proxy Servers using Microsoft Windows (2004) -Llamas D., Allison C., Miller A.
Covert Channels for Collusion in Online Computer Games (2004) -S.J. Murdoch, P. Zielinski
Eraser: An Exploit - Specific Monitor to Prevent Malicious Communication Channel (2004) -A. Singh
IP covert timing channels: design and detection (2004) -S. Cabuk, C. E. Brodley, C. Shields
The Implementation of Passive Covert Channels in the Linux Kernel [nushu.tar.gz] (2004) -Joanna Rutkowska for CCC 2004
Scenarios and Covert channels: another game... (2004) -L. Helouet, M. Zeitoun, A. Degorre
Syntax and Semantics-Preserving Application-Layer Protocol Steganography (2004) -N. Lucena, J. Pease, P. Yadollahpour, S. J. Chapin
Web Tap : Detecting Covert Web Traffic (2004) -K. Borders, A. Prakash

An Evaluation Framework for the Analysis of Covert Channels in the TCP/IP protocol suite (2005) -Llamas D., Allison C., Miller A.
Caracterisation des canaux caches en logique temporelle alternante (Rapport de stage Master) (2005) [fr] -Aldric Degorre
Covert Channels in Internet Protocols: A Survey (2005) -Llamas D., Allison C., Miller A.
Data Hiding in Identification and Offset IP Fields (2005) -E. Cauich, R. Gomez Cardenas, R. Watanabe
Detecting NUSHU Covert Channels Using Neural Networks (2005) -E. Tumoian, M. Anikeev
Detection of Covert Channel Encoding in Network Packet Delays (2005) -V. Berk, A. Giani, G. Cybenko
The Dining Freemasons (2005) -M. Bond, G. Danezis
Embedding Covert Channels into TCP/IP (2005) -S.J. Murdoch, S. Lewis
New Constructive Approach to Covert Channel Modeling and Channel Capacity Estimation (2005) -Z. Wang, R. Lee
Sistema de deteccao de backdoors e canais dissimulados (2005) -C.H. P.C. Chaves, A. Montes
The Pump: A Decade of Covert Fun (2005) -M.H. Kang, I.S. Moskowitz, S. Chincheck

Data Exfiltration and Covert Channels (2006) -A. Giani, V.H. Berk, G.V. Cybenko
Research Report: Covert Channels 2005/2006 (2006) -M. Smeets, M. Koot
Application Layer Covert Channel Analysis and Detection (2006) -Zbigniew Kwecka
Keyboards and Covert Channels - JitterBugs [ext] (2006) -G. Shah, A. Molina and M. Blaze

Covert Channel Analysis in TCP/IP networks (2007) -Allix P.
Protocol Hopping Covert Channels (2007) -S. Wendzel
Real-Time Steganography with RTP (2007) -I)ruid
XSS Tunneling (2007) -Ferruh Mavituna

Security and Computer systems

The Inevitability of Failure: The Flawed Assumption of Security in Modern Computing Environments (1998) -Peter A. Loscocco, Stephen D. Smalley, Patrick A. Muckelbauer, Ruth C. Taylor, S. Jeff Turner, John F. Farrell
Department of Defense Trusted Computer System Evaluation Criteria - 5200.28-STD (1985) - DoD standard
Extension to 5200.28-STD to trusted network systems and components. (1987) - National Computer Security Center


RFC 2109 : HTTP State Management Mechanism (1997)
RFC 2616 : Hypertext Transfer Protocol -- HTTP/1.1 (1999)
RFC 3093 : Firewall Enhancement Protocol (FEP) (2001)

5445414D20477261792D57 6F726C642E4E6574

Team member's sites: hhworld/ The Hitchhiker's World e-zine

GNU General Public License
GNU Free Documentation License