Embed Size (px)
Citation preview
Data Hiding in [ICMP Echo] messages
Mikel SolabarrietaThamer Alsuhbani
steganography
ICMP (INTERNET CONTROL MESSAGE PROTOCOL)
● RFC 792 - September 1981
● It is a supporting protocol in the Internet protocol (IP) suite. ● It is used by network devices, to send error messages and operational
information indicating, for example, that a requested service is not available or that a host or router could not be reached, among others.
ICMP (INTERNET CONTROL MESSAGE PROTOCOL)
● ICMP has many messages that are identified by a type field.
● The most popular are: type-0 and type-8 used by ping application.
ICMP (INTERNET CONTROL MESSAGE PROTOCOL)
● Details of a ICMP Echo message
The cover channel - data
We are going to use the data field as cover channel.
This field fit perfect for sending a hidden message.
Note:Changing another ICMP header field is a risk. The protocol might not work properly.
The cover channel - size
How big can be the message to send?
It can be an arbitrary length. However, the packet including IP and ICMP headers must be less than
the maximum transmission (MTU) unit of the network or risk being fragmented.
Our implementation - stegonet
● Python
● Scapy
● Wireshark - tcpdump
● Ping
Used tools:
Our implementation - stegonet
Our implementation - stegonet
Our implementation - stegonet
● As the message is travelling in plain text it represent a disadvantage.
● We implemented a simple, easy to understand cipher method: The Vigenere Coder.
Our implementation - stegonet
● The Vigenere encoder
Our implementation - stegonet
● The Vigenere encoder
Our implementation - stegonet
● Alice will send a message to Bob using ICMP in a public network.
Our implementation - stegonet
● Now, the message is not travelling in plain text anymore.
Thanks
