Let us now turn to some of the common techniques used to create covert channels
and describe the tools to implement them.
5.2.1 Information Coding in IP Headers
TCP and IP headers provide numerous fields in which information can be sent
secretly. Figure 8 shows the header format for the IP protocol.
In this case the only field that can be used to set up a covert channel that is not
easy to detect is the Identification field, which we will look at more closely below.
The TCP header offers several possibilities, but again the covert channel
must be difficult to detect, and the best field for this is the SN (Sequence
Number) field. The TCP header is shown in Fig. 9.
We can use the Sequence Number field in two ways: using the Initial Sequence
Number or the Acknowledge Sequence Number.
0       4       8               16    19        24             32
+-------+-------+---------------+-------------------------------+
| VERS  | HLEN  | Service Type  |         Total Length          |
+-------+-------+---------------+-----+-------------------------+
|        Identification         |Flags|     Fragment Offset     |
+-------------------------------+-----+-------------------------+
|                       Source IP Address                       |
+---------------------------------------------------------------+
|                    Destination IP Address                     |
+-----------------------------------------------+---------------+
|                  IP Options                   |    Padding    |
+-----------------------------------------------+---------------+
|                             Data                              |
+---------------------------------------------------------------+
Fig. 8.
0       4       8               16    19        24             32
+-------------------------------+-------------------------------+
|          Source Port          |       Destination Port        |
+-------------------------------+-------------------------------+
|                        Sequence Number                        |
+---------------------------------------------------------------+
|                     Acknowledgment Number                     |
+-------+-----------+-----------+-------------------------------+
| HLEN  | Reserved  | Code Bits |            Window             |
+-------+-----------+-----------+-------------------------------+
|           Checksum            |        Urgent Pointer         |
+-------------------------------+---------------+---------------+
|                    Options                    |    Padding    |
+-----------------------------------------------+---------------+
|                             Data                              |
+---------------------------------------------------------------+
Fig. 9.
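A defender-side sketch of the fields named above, added here as an example and not taken from the original text: it pulls the Identification field, the Sequence and Acknowledgment Numbers and the Code Bits out of raw IPv4/TCP bytes, then flags traffic in which every Identification value or every Initial Sequence Number consists of a single printable byte. That pattern, the function names and the sample packets are assumptions constructed for illustration.

```python
import struct

SYN = 0x02  # SYN bit within the TCP Code Bits

def parse_ipv4_tcp(pkt):
    """Return (ip_id, seq, ack, code_bits) from a raw IPv4/TCP packet, or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:  # IPv4 carrying TCP only
        return None
    ihl = (pkt[0] & 0x0F) * 4                 # HLEN counts 32-bit words
    if ihl < 20 or len(pkt) < ihl + 20:
        return None
    ip_id = struct.unpack_from("!H", pkt, 4)[0]           # Identification
    seq, ack = struct.unpack_from("!II", pkt, ihl + 4)    # Sequence / Acknowledgment
    return ip_id, seq, ack, pkt[ihl + 13]

def one_printable_byte(value, width):
    """True if exactly one byte of the field is non-zero and it is printable ASCII."""
    nonzero = [b for b in value.to_bytes(width, "big") if b]
    return len(nonzero) == 1 and 0x20 <= nonzero[0] <= 0x7E

def suspicious_fields(packets, min_samples=4):
    """Names of header fields whose observed values all fit the assumed pattern."""
    ids, isns = [], []
    for pkt in packets:
        parsed = parse_ipv4_tcp(pkt)
        if parsed is None:
            continue
        ip_id, seq, _ack, flags = parsed
        ids.append(ip_id)
        if flags & SYN:                       # only a SYN carries an initial SN
            isns.append(seq)
    hits = []
    if len(ids) >= min_samples and all(one_printable_byte(v, 2) for v in ids):
        hits.append("ip.id")                  # small ID counters can also match
    if len(isns) >= min_samples and all(one_printable_byte(v, 4) for v in isns):
        hits.append("tcp.isn")
    return hits

def sample_packet(ip_id, seq, flags=SYN):
    """Constructed 40-byte IPv4 + TCP header pair (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, seq, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

# Constructed samples: ordinary-looking values vs. IDs with one printable byte each.
NORMAL = [sample_packet(i, s) for i, s in [(0x1C46, 0x9A3F11C2), (0x1C47, 0x51E0B7D4),
                                           (0x1C48, 0xE77A0139), (0x1C49, 0x0BD26FA8)]]
SHAPED = [sample_packet(i, 0x9A3F11C2 + i) for i in (0x7400, 0x6500, 0x7300, 0x7400)]
```

`suspicious_fields(NORMAL)` returns an empty list and `suspicious_fields(SHAPED)` returns `["ip.id"]`; the check is a heuristic over a whole flow, so it needs several packets before it reports anything.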