A Covert Channel in TTL Field of DNS Packets
نویسندگان
چکیده
Covert channels are used as a means of secretly transferring information when there is a need to hide the fact that communication is taking place. With the vast amount of traffic on the internet, network protocols have become a common vehicle for covert channels, typically hiding information in the header fields of packets. Domain name service (DNS) packets contain a 32-bit time to live (TTL) fields for each response record. This is the number of seconds the entry is valid for before caching servers remove the entry. There is no prescribed value for this field making it an ideal covert carrier.
منابع مشابه
Covert Channels in the IP Time To Live Field
Covert channels are used for the secret transfer of information. Unlike encryption, which only protects the information from unauthorised observers, covert channels aim to hide the very existence of the communication. The huge amount of data and vast number of different network protocols in the Internet makes it an ideal high-capacity vehicle for covert communication. Covert channels pose a ser...
متن کاملطراحی و ارزیابی روش کدگذاری ترکیبی برای کانال پوششی زمانبندیدار در شبکه اینترنت
Covert channel means communicating information through covering of overt and authorized channel in a manner that existence of channel to be hidden. In network covert timing channels that use timing features of transmission packets to modulating covert information, the appropriate encoding schema is very important. In this paper, a hybrid encoding schema proposed through combining "the inter-pac...
متن کاملIndirect DNS Covert Channel based on Base 16 Matrix for Stealth Short Message Transfer
Covert Channel are the methods to conceal a message in the volatile medium carrier such as radio signal and network packets. Until now, covert channels based on the packet length produce abnormal packet length when the length of the message is long. Abnormal packet length, especially in the normal network will expose the covert channels to network security perimeter. Therefore, it motivates the...
متن کاملDynamics of the IP Time To Live Field in Internet Traffic Flows
The Time To Live (TTL) field present in the IP protocol header is used to limit the lifetime of packets in the network. Previous research has measured TTL for studying path lengths and dynamics in IP networks, and for detecting route changes. How the TTL varies over short timescales of subsequent packets of traffic flows has not yet been analysed. Such knowledge is needed for passively detectin...
متن کاملPSUDP: A Passive Approach to Network-Wide Covert Communication
This paper explores taking a passive approach to covert communication over DNS. By exploiting the slack space that can be created in DNS packets, data may be inserted into packets without affecting the operation of DNS resolvers and security tools. Several locations in the packet exist that allow additional data to be inserted into the network traffic without being noticed by applications befor...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2012