Fun little idea I started playing around with. I wanted to send data using ping packets: ICMP packets are seen as harmless, and it would be hard to distinguish legitimate pings from pings containing encrypted data.
- Populate a Protocol Buffer
- Serialize the Protocol Buffer to a String
- Pad the data if necessary and encrypt with Blowfish
- Create an ICMP packet with a random salt + the encrypted data.
- Sniff for ICMP packets and reverse all the above steps.
Inspired a bit by Loki.
http://www.phrack.org/issues.html?id=6&issue=49
Some of the things I learned, and want to do if I find the time:
- I learned that block ciphers need to pad data.
- Ping replies contain the same data as the request. It makes sense now but I was initially planning to change the data in the reply.
- I'm concerned I'm still not doing things properly. For example, there's nothing to stop anybody from replaying a packet. Maybe I could add a timestamp to the protocol buffer and ignore packets that are a minute old or something. I'd like to figure out how fwknop works.
Source