From: "Craig H. Rowland" <crowland@psionic.com>
Date: Wed, 20 Nov 1996 21:29:47 -0800 (PST)
To: cypherpunks@toad.com
Subject: New Paper: Covert Channels in the TCP/IP Protocol Suite
Message-ID: <3293E87A.469FB11D@psionic.com>
MIME-Version: 1.0
Content-Type: text/plain


All,

I have released a new paper entitled: 

Covert Channels in the TCP/IP Protocol Suite

This paper demonstrates several methods of encoding secret data into the
headers of the TCP/IP protocol. Main topics of interest include:

- Encoding data into IP headers.
- Encoding data into TCP headers.

Specific areas of focus allow encoding of data into the IP
identification fields and TCP sequence number fields for clandestine
transmission of data to a remote host. Packets of data appear normal to
network sniffers and packet filters, yet can contain hidden messages in
either plaintext or ciphertext.

Other methods revealed include a new technique where forged packets can
be "bounced" off any Internet connected site to establish a
communication path that appears to originate from the "bounced" host. 
Additionally, several methods are discussed regarding bypassing of
packet filters with encoded data for communication with hosts inside a
protected network.

This paper contains actual demonstrations as well as source code for
Linux 2.x systems to allow encoded transmissions between sites to be
tested.

If you are interested in reading this paper, please visit my website:

http://www.psionic.com/papers.html

This site has VERY limited bandwidth so please be patient if it is slow.

Thank you for your time..

-- Craig