digg

Facebook Connect Join Digg About

Covert channel tool hides data in IPv6

securityfocus.com "An independent security researcher showed off an early version of a tool for creating covert channels that, he claims, can pass undetected through most firewalls and intrusion detection systems."

Who dugg this? Made popular Aug 12, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

11 Comments

show profanity settings
expand all
  • axentrix, on 10/12/2007, -0/+11Bad headline. What he does, is make a IPv6-through-IPv4 tunnel, and bypass firewalls, since many firewalls don't support these packages, they just forward them, and the data passes undetected.
  • Urusai, on 10/12/2007, -0/+5Doesn't Windows XP Pro have this capability already?

    I'm about sick of all this protocol X over protocol Y tunneling as a means of defeating firewalls...pretty much any protocol can be done that way and it just isn't an excuse for 1) having a poorly configured firewall, and 2) defeating your own crappy firewall using stupid tunneling tricks. SOAP is a fine example (look, let's jam everything through port 80 so's Cisco thinks it's web pages, har har!)
  • tokachu, on 10/12/2007, -1/+4You can do this with any TCP stack, not just with IPv6. It was proven a long time ago.

    See: http://packetstormsecurity.org/sniffers/snort/covertsession-0.4.c
  • sensor, on 10/12/2007, -2/+5This is widely known fact. Not worthy of digg.
  • ashayh, on 10/12/2007, -0/+2My Prof made me go through this article and code in school.

    http://www.firstmonday.org/issues/issue2_5/rowland/

    Does give you a better understanding of IPv4 TCP/IP.
  • osbjmg, on 10/12/2007, -0/+2Many firewalls don't simply let things through due to port numbers. Stateful inspection is meant to watch conversations and make sure things like TCP handshakes are kosher. There are also other packet inspection techniques to classify certain traffic flows no matter what port they are using. A tunnel is one of those, it's not very common to see people deny it though.
  • l0g1c, on 10/12/2007, -0/+1Old news or not, I support any noise that draws attention to IPv6 and its inherent vulnerabilities. No protocol is perfect and the only way to improve it is to throw everything you can at it before it goes mainstream.
  • chess007, on 10/12/2007, -0/+1So, how does a person protect themselves from this type of attack?
  • felderado, on 10/12/2007, -0/+0obvious, and I've already found botnet'd computers being controlled by this.
  • Amnesia10, on 10/12/2007, -1/+1I assume that now that this flaw is known that those programs that access the net are being brought up to date to eliminate this problem.
  • hynell, on 10/12/2007, -4/+0IPv6 sucks

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.