Unusual firewall bypassing techniques, network and computer security.


Cctde is a first implementation of the 'Covert Channel and Tunneling over the HTTP protocol Detection: GW implementation theoretical design' paper.

The main goal of this project is to provide a way to record and disclose information leading to the detection of unauthorized tunnels and covert channels embedded in the HTTP protocol. The concepts could also be applied to the detection of arbitrary data flows inside other high-level protocols.

Placed between a mandatory HTTP proxy server and the HTTP clients (or in front of the NACS if no proxy exists), cctde tries to detect whether someone on the internal network is using a CC|T (Covert Channel OR Tunneling) tool to bypass the NACS.

Placed in front of corporate servers in the DMZ, cctde tries to detect whether someone on the Internet is using server-side tools such as WebShell or Firepass to cross the NACS boundaries.

Cctde is currently designed as an analysis back-end for the Snort NIDS tool. Snort acts as a network sensor, optionally recording data streams to tcpdump-format binary files, and communicates with cctde over a Unix socket. Cctde reads Snort alerts and pcap packets from the Unix socket and stores them in memory. The recorded data can then be correlated to detect specific network activities.
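The sensor-to-back-end flow described above, as an added example that is not cctde's own code: records arrive over a Unix datagram socket, are kept in memory per client, and are then correlated. The record layout, the `AlertStore` class, the window and threshold values, and the sample addresses are all assumptions made for illustration; the layout is not Snort's actual alert structure and the rule is not cctde's.

```python
import socket
import struct
from collections import defaultdict

# Constructed record layout for this example only (not Snort's real alert
# structure): 64-byte NUL-padded alert text, uint32 timestamp, client IPv4,
# uint16 captured length, then that many packet bytes.
HDR = struct.Struct("!64sI4sH")

class AlertStore:
    """In-memory store of sensor records, indexed by internal client."""
    def __init__(self, window=60, min_alerts=3):
        self.window = window          # seconds; assumed value
        self.min_alerts = min_alerts  # alerts per window that flag a client; assumed
        self.by_client = defaultdict(list)

    def ingest(self, datagram):
        """Parse one datagram; reject short or inconsistent records."""
        if len(datagram) < HDR.size:
            raise ValueError("short record")
        msg, ts, ip, caplen = HDR.unpack_from(datagram)
        pkt = datagram[HDR.size:]
        if len(pkt) != caplen:
            raise ValueError("captured length mismatch")
        text = msg.rstrip(b"\0").decode("ascii", "replace")
        self.by_client[socket.inet_ntoa(ip)].append((ts, text, pkt))

    def suspects(self):
        """Clients with >= min_alerts records inside any window-second span."""
        flagged, k = [], self.min_alerts
        for client, recs in self.by_client.items():
            times = sorted(ts for ts, _, _ in recs)
            if any(times[i + k - 1] - times[i] <= self.window
                   for i in range(len(times) - k + 1)):
                flagged.append(client)
        return sorted(flagged)

def demo():
    """Both ends of a Unix datagram socket pair, fed constructed records."""
    sensor, backend = socket.socketpair(socket.AF_UNIX, socket.SOCK_DGRAM)
    store, pkt = AlertStore(), b"POST /index.html HTTP/1.0\r\n\r\n"
    for ip, ts in [("10.0.0.5", 100), ("10.0.0.5", 120), ("10.0.0.9", 125),
                   ("10.0.0.5", 150), ("10.0.0.9", 400), ("10.0.0.9", 900)]:
        sensor.send(HDR.pack(b"HTTP alert (constructed)", ts,
                             socket.inet_aton(ip), len(pkt)) + pkt)
        store.ingest(backend.recv(65535))
    sensor.close()
    backend.close()
    return store.suspects()
```

With the constructed records, only the client whose three alerts fall within one 60-second span is returned by `demo()`.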

Simon Castro
Current Cctde version: 0.2; README, CHANGELOG, EXAMPLES
Download | md5sum: a0fd7e48315d3e38b1c6a3fd689fb47a

Index of projects

MsnShell - a covert channel tunneling tool that allows remote control of a Linux computer through the MSN protocol.

GNU General Public License
GNU Free Documentation License