Stegtunnel New Release

PacketStorm alerted me to the newest release of stegtunnel. As a network security analyst, I like to keep an eye out for these sorts of tools. I'll test it when I have time. This tool also manipulates the IP ID field, just as Craig Rowland's covert_tcp program did in 1996. From the stegtunnel description:


Stegtunnel is a tool written to hide data within TCP/IP header fields. It was designed to be undetectable, even by people familiar with the tool. It can hide the data underneath real TCP connections, using real, unmodified clients and servers to provide the TCP conversation. In this way, detection of odd-looking sessions is avoided. It provides covert channels in the sequence numbers and IPIDs of TCP connections.

Comments

Anonymous said…
This comment has been removed by a blog administrator.

Popular posts from this blog

Zeek in Action Videos

New Book! The Best of TaoSecurity Blog, Volume 4

MITRE ATT&CK Tactics Are Not Tactics