ZDNet UK


Tool enables covert communications

Published: 01 Aug 2003 13:10 BST


Hackers intent on anonymously sending data across the Internet have a new tool.

A program called NCovert uses spoofing techniques to hide the source of communications and the data that travels over the network -- a potential boon to both privacy advocates and hackers, said Mark Lovelace, senior security researcher for network protection firm BindView, who unveiled the program on Thursday at the Black Hat Briefings security conference in Las Vegas.

"I am not going to beat around the bush," Lovelace said. "If you have something to hide, you would use this -- so it could help black hats (criminal hackers)."

The technique essentially creates a covert channel for communications by hiding four characters of data in the header's initial sequence number (ISN) field. The header is the part of data packets that tells network hardware and servers how to handle the information. The header also includes source and destination Internet protocol (IP) addresses. Those addresses are used to add anonymity to the communications.

Lovelace, known in the security community as "Simple Nomad," said the key to the technique is to forge the source IP address so that it looks like the intended recipient of the information, while the destination IP address points to a third-party server on the Internet.

The hacker would then send a data packet to the third-party server with any valid-looking information in the data fields, but the real message would be hidden in the four bytes of the ISN field. The packet would indicate to the third-party server that a computer wants to start a communications session. The server would acknowledge the request, but because of the forged source address, the acknowledgement would be sent on to the recipient.

The technique makes it almost impossible to track where the original message came from, because the data holds only the addresses of the recipient and the third-party server.
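What a monitor on the recipient's network can still observe, as an added example that is not from the article or from NCovert: the server's acknowledgement arrives as a SYN-ACK that answers no SYN the network ever sent. The record layout, the addresses, the function name and the printable-ASCII heuristic are assumptions made for this sketch; that a SYN-ACK acknowledges the sender's ISN plus one is standard TCP behaviour.

```python
import struct

# Constructed records (not captured traffic): direction, src, sport, dst,
# dport, TCP flags, seq, ack. Addresses are RFC 5737 documentation ranges.
RECORDS = [
    ("out", "192.0.2.10", 40001, "198.51.100.5", 443, "S", 0x1A2B3C4D, 0),
    ("in", "198.51.100.5", 443, "192.0.2.10", 40001, "SA", 0x77001122, 0x1A2B3C4E),
    ("in", "203.0.113.80", 80, "192.0.2.10", 51515, "SA", 0x5EEDF00D, 0x68656C70),
    ("in", "203.0.113.80", 80, "192.0.2.10", 51516, "SA", 0x5EEDF11E, 0x0093A1F8),
]


def find_unsolicited_synacks(records):
    """Return inbound SYN-ACKs that answer no SYN this network sent."""
    pending = {}  # (local ip, local port, remote ip, remote port) -> our ISN
    findings = []
    for direction, src, sport, dst, dport, flags, seq, ack in records:
        if direction == "out" and flags == "S":
            pending[(src, sport, dst, dport)] = seq
        elif direction == "in" and flags == "SA":
            isn = pending.pop((dst, dport, src, sport), None)
            if isn is not None and ack == (isn + 1) & 0xFFFFFFFF:
                continue  # normal reply to our own handshake
            # A SYN-ACK acknowledges ISN + 1, so ack - 1 is the ISN that
            # whoever sent the spoofed SYN chose.
            carried = struct.pack(">I", (ack - 1) & 0xFFFFFFFF)
            findings.append({
                "server": src,
                "local_port": dport,
                "isn_bytes": carried,
                # Heuristic (assumption): four printable ASCII bytes are
                # unlikely in a randomly generated ISN.
                "printable": all(0x20 <= b <= 0x7E for b in carried),
            })
    return findings


if __name__ == "__main__":
    for f in find_unsolicited_synacks(RECORDS):
        print(f)
```

Unsolicited SYN-ACKs also arrive as backscatter from spoofed floods, so the `printable` flag is a triage hint rather than proof, and it will not fire on data that was encrypted or encoded before being placed in the ISN.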

The move to the next-generation Internet Protocol, IP version 6, will make it harder to spoof the address of the sender but will allow far more data to be hidden within the headers of the packets, Lovelace said.

"There's a lot more room for data in IPv6," he said.
