1996-03-11 - Re: TCP/IP Stego (was CU-SeeMe)

Header Data

From: frantz@netcom.com (Bill Frantz)
To: cypherpunks@toad.com
Message Hash: efb183d623df8374eb1bf4df644620201b52f60988f1c293d0998f6dd332b66c
Message ID: <199603082056.MAA20781@netcom7.netcom.com>
Reply To: N/A
UTC Datetime: 1996-03-11 02:23:20 UTC
Raw Date: Mon, 11 Mar 1996 10:23:20 +0800

Raw message

From: frantz@netcom.com (Bill Frantz)
Date: Mon, 11 Mar 1996 10:23:20 +0800
To: cypherpunks@toad.com
Subject: Re: TCP/IP Stego (was CU-SeeMe)
Message-ID: <199603082056.MAA20781@netcom7.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


At 12:19 PM 3/8/96 -0800, Jim McCoy wrote:
>... The original
>technique of doing stego on packets is still valid, and by adding it in
>to a WinSock lib or linux tcp/ip implementation the user can send hidden
>messages just by connecting to a friendly stego-enhanced web server out
>on the net and doing some casual browsing.

If you can hack your TCP implementation, you should be able (with a high
probability) stego information in a few bits of the TCP checksum by
adjusting the packet boundries of the TCP stream.  An error correcting code
protocol would cover the cases where you couldn't get that *%$# bit set
correctly.  Please note that this technique would not result in TCP
checksum errors.


------------------------------------------------------------------------
Bill Frantz       | The CDA means  | Periwinkle  --  Computer Consulting
(408)356-8506     | lost jobs and  | 16345 Englewood Ave.
frantz@netcom.com | dead teenagers | Los Gatos, CA 95032, USA







Thread