[TOOL] Skeeve - Software For Creating Cover Channel With ICMP Tunnel
From: SecuriTeam (support_at_securiteam.com)
To: email@example.com Date: 25 Jan 2005 18:44:28 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
- - - - - - - - -
Skeeve - Software For Creating Cover Channel With ICMP Tunnel
With this Proof Of Concept tool, you can create an ICMP tunnel between two
computers, which may be located in different networks and separated by a
Firewall. Skeeve utilizes ICMP packets and IP address spoofing technology
to create a data channel in order to redirect TCP connections inside this
How it works:
Skeeve creates an ICMP tunnel which is based on the use of a Bounce
This method relies upon the basic IP address spoofing technology. The
Client of the tunnel is trying to send a packet to the Bounce server with
an address of the destination Server as a source IP. The Bounce Server can
replay this packet and forward it to the destination Server. By adding
some payload to the packet, we can establish a covert communication
channel between two computers without direct network interaction.
Skeeve Client accepts TCP connections and works as a converter of the IP
header (by changing protocol flag from TCP to ICMP echo_request|reply and
making some other slight modifications). Skeeve Server is doing the
reverse procedure and restores original IP header settings. Both parts are
implemented in one C program as a Loadable Kernel module.
The tool can be obtained from:
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: firstname.lastname@example.org
In order to subscribe to the mailing list, simply forward this email to: email@example.com
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.