ICMP Tunneling



smoker
Sunday, 30 Bahman 1384, 15:56
Hi everyone, I want to know which of you has knowledge about this subject and about designing a new implementation of it?

houtanal
Sunday, 30 Bahman 1384, 21:17
ICMP Tunneling
Covert Channels are methods in which an attacker can hide the data in a protocol that is undetectable.
Covert Channels rely on techniques called tunneling, which allows one protocol to be carried over another protocol.
ICMP tunneling is a method of using ICMP echo-request and echo-reply as a carrier of any payload an attacker may wish to use, in an attempt to stealthily access, or control a compromised system.


Note: The Internet Control Message Protocol is an adjunct to the IP layer. It is a connectionless protocol used to convey error messages and other information to unicast addresses. ICMP packets are encapsulated inside IP datagrams. The first 4 bytes of the header are the same for every ICMP message, with the remainder of the header differing for different ICMP message types. There are 15 different types of ICMP messages.
The ICMP types we are concerned with are type 0x0 and type 0x8. ICMP type 0x0 specifies an ICMP_ECHOREPLY (the response) and type 0x8 indicates an ICMP_ECHO (the query). The normal course of action is for a type 0x8 to elicit a type 0x0 response from a listening server. (Normally, this server is actually the OS kernel of the target host. Most ICMP traffic is, by default, handled by the kernel.) This is what the ping program does.
The concept of ICMP Tunneling involves arbitrary information tunneling in the data portion of ICMP_ECHO and ICMP_ECHOREPLY packets and using them to carry the payload.

Attack Methods
Covert Channels are methods in which an attacker can hide the data in a protocol that is undetectable. Covert Channels rely on techniques called tunneling, which allows one protocol to be carried over another protocol. A covert channel is a vessel in which information can pass, but this vessel is not ordinarily used for information exchange.
Therefore, as a matter of consequence, covert channels are impossible to detect and deter using a system's normal (read: unmodified) security policy. In theory, almost any process or bit of data can be a covert channel. In practice, it is usually quite difficult to elicit meaningful data from most covert channels in a timely fashion.
This makes it an attractive mode of transmission for a Trojan. The attacker can use the covert channel and install the backdoor on the target machine.

Concept
The concept of ICMP Tunneling is simple: arbitrary information tunneling in the data portion of ICMP_ECHO and ICMP_ECHOREPLY packets. This exploits the covert channel that exists inside of ICMP_ECHO traffic. This channel exists because network devices do not filter the contents of ICMP_ECHO traffic. They simply pass them, drop them, or return them. The Trojan packets themselves are masqueraded as common ICMP_ECHO traffic. We can encapsulate (tunnel) any information we want.


Source:
http://www.amazon.com/gp/product/0972936211/ref=sr_11_1/102-6086588-6857748?%5Fencoding=UTF8
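An added defensive example, not part of the thread or of the book quoted above: a small Python inspector that parses echo/echo-reply messages as the note describes (4-byte common header, echo id/seq, then the data portion) and flags a data portion that does not look like what a stock ping sends. The stock payload shapes, the 64-byte and entropy thresholds, the zeroed checksum and the sample packets are constructed assumptions for the demo.

```python
import hashlib
import math
import struct
from collections import Counter
from typing import List, Optional

ICMP_ECHOREPLY, ICMP_ECHO = 0x0, 0x8
# Assumed stock payloads: Windows ping sends this fixed string; iputils ping sends an 8-byte timestamp then 0x10, 0x11, ...
WINDOWS_PATTERN = b"abcdefghijklmnopqrstuvwabcdefghi"

def build_echo(icmp_type: int, ident: int, seq: int, data: bytes) -> bytes:
    """Constructed sample message: 4-byte common header (checksum left 0 for the demo), echo id/seq, data."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + data

def parse_icmp(pkt: bytes) -> dict:
    """Split an ICMP message into the common header, the echo id/seq and the data portion."""
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", pkt[:8])
    return {"type": icmp_type, "code": code, "checksum": csum, "id": ident, "seq": seq, "data": pkt[8:]}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted or compressed data approaches 8."""
    return -sum(c / len(data) * math.log2(c / len(data)) for c in Counter(data).values()) if data else 0.0

def looks_like_stock_ping(data: bytes) -> bool:
    tail = data[8:]  # iputils: bytes after the timestamp count up from 0x10
    return data == WINDOWS_PATTERN or (8 <= len(data) <= 248 and tail == bytes(range(0x10, 0x10 + len(tail))))

def suspicious_reasons(pkt: bytes, request: Optional[bytes] = None) -> List[str]:
    """Why an echo message looks like a tunnel carrier; an empty list means it looks like plain ping."""
    msg = parse_icmp(pkt)
    if msg["type"] not in (ICMP_ECHO, ICMP_ECHOREPLY):
        return []  # only echo traffic is inspected here
    data, reasons = msg["data"], []
    if not looks_like_stock_ping(data):
        reasons.append("payload does not match a stock ping pattern")
    if len(data) > 64:
        reasons.append("payload unusually large (%d bytes)" % len(data))
    if len(data) >= 64 and entropy(data) > 6.0:
        reasons.append("high-entropy payload (encrypted or compressed data)")
    # RFC 792: an echo reply returns the request's data unchanged; a tunnel answers with new data.
    if request is not None and msg["type"] == ICMP_ECHOREPLY and data != parse_icmp(request)["data"]:
        reasons.append("reply data differs from the request it answers")
    return reasons

# Constructed sample traffic: a normal iputils-style ping pair and a tunnel-like pair.
NORMAL_DATA = b"\x00" * 8 + bytes(range(0x10, 0x40))  # the 56-byte default payload shape
TUNNEL_DATA = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(7))  # 224 opaque bytes
NORMAL_REQ = build_echo(ICMP_ECHO, 0x1234, 1, NORMAL_DATA)
NORMAL_REP = build_echo(ICMP_ECHOREPLY, 0x1234, 1, NORMAL_DATA)
TUNNEL_REQ = build_echo(ICMP_ECHO, 0xBEEF, 1, TUNNEL_DATA)
TUNNEL_REP = build_echo(ICMP_ECHOREPLY, 0xBEEF, 1, hashlib.sha256(b"answer").digest())
```

Calling `suspicious_reasons(TUNNEL_REP, TUNNEL_REQ)` pairs a reply with the request it answers, which is how the reply-mismatch check catches a channel that hides its data in ICMP_ECHOREPLY rather than ICMP_ECHO.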

smoker
Monday, 01 Esfand 1384, 10:26
Dear friend (section moderator), I am familiar with the theory of this subject, but I am looking for more comprehensive information, including source code with explanations, in any language.
A practical example with its source code for Linux systems is loki.
Thank you for answering me.