计算机网络安全技术 不同寻常的网络访问控制系统迂回技术

;sevlehs-koob dna sdraobpuc htiw dellif erew yeht taht deciton dna ,llew eht fo sedis eht ta dekool ehs neht ;gnihtyna ees ot krad oot saw ti tub ,ot gnimoc saw ehs tahw tuo ekam dna nwod kool ot deirt ehs ,tsriF .txen neppah ot gniog saw tahw rednow ot dna reh tuoba kool ot nwod tnew ehs sa emit fo ytnelp dah ehs rof ,ylwols yrev llef ehs ro ,peed yrev saw llew eht rehtiE

Lewis Carroll "Alice In Wonderland"
English French Russian Spanish Polish Italian
网站首页 | 开发项目 | 技术论文 | 自由论坛 | 关于我们 | 热门联接 | 赞助支持

With this Proof Of Concept tool, you can simply create an ICMP tunnel between two computers, which may be located in different networks and separated by a firewall. Skeeve utilizes ICMP packets and IP address spoofing technology to create a data channel in order to redirect TCP connections inside this channel.

Skeeve creates an ICMP tunnel which is based on the use of a Bounce server.

This method relies upon the basic IP address spoofing technology. The Client of the tunnel is trying to send a packet to the Bounce server with an address of the destination Server as a source IP. The Bounce Server can replay this packet and forward it to the destination Server. By adding some payload to the packet, we can establish a covert communication channel between two computers without direct network interaction.

Skeeve Client accepts TCP connections and works as a converter of the IP header (by changing protocol flag from TCP to ICMP echo_request|reply and making some other slight modifications). Skeeve Server is doing the reverse procedure and restores original IP header settings. Both parts are implemented in one C program as a Loadable Kernel module.

Current Skeeve version: 1.0; README
Download | md5sum: 6fba1f136f30d695114a0b81216f9e90

Index of projects

Paper : Reverse Tunneling Techniques: theoretical requirements for the GW implementation.

Team member's sites: hhworld/ The Hitchhiker's World e-zine

GNU  GNU General Public License
 GNU Free Documentation License