Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Internet Security Industry News

Hackers look to hide Internet communications

Save your company's valuable data with Proxy Sentinel™ from Internet Security. Click here for all the details.

August 4th, 2003

Hackers intent on anonymously sending data across the Internet have a new tool. A program called NCovert uses spoofing techniques to hide the source of communications and the data that travels over the network, said Mark Loveless, senior security researcher for network protection firm BindView.

"I am not going to beat around the bush," Loveless said. "If you have something to hide, you would use this--so it could help black hats (criminal hackers)." The technique essentially creates a covert channel for communications by hiding four characters of data in the header's initial sequence number (ISN) field. The header is the part of data packets that tells network hardware and servers how to handle the information. The header also includes source and destination Internet protocol (IP) addresses. Those addresses are used to add anonymity to the communications.

Loveless, known among the security community as "Simple Nomad," said the key to the technique is to forge the source of the IP address to look like the intended recipient of the information, while the destination IP addresses points to another third-party server on the Internet. The hacker would then send off a data packet to the third-party server with any valid-looking information in the data fields, but the real message would be hidden in four bytes of the ISN field. The packet would contain a message indicating to the third-party server that a computer wants to start a communications session. The server would acknowledge the message, but because of the forged source address, the message would be forwarded on to the recipient.

The technique makes it almost impossible to track where the original message came from, because the data holds only the addresses of the recipient and the third-party server. The move to the next-generation Internet Protocol, IP version 6, will make it harder to spoof the address of the sender but will allow far more data to be hidden within the headers of the packets, Loveless said.

"There's a lot more room for data in IPV6," he said.

Article by Robert Lemos
Source: C-Net News


Save Internet Security.ca's URL to the list of your favorite web sites
in your Web browser by clicking here.

Back to the top of the page.         
Click here to order your Proxy Sentinel™ Internet security server today!

Proxy Sentinel™ is the most secure Internet proxy server on the market today. Click here for more information.
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing

| Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact |
Copyright © Internet Security.ca 2003    Terms of use    Privacy agreement    Legal disclaimer