Hello guys, I was wondering if these obfuscated ways of tunneling would also be needed to make the job of sysadmins a nightmare to block the SafeNetwork nodes.
There are several projects that attempt to use it as a proof of concept for data exfiltration, but I think that it would be useful as an extra protocol to fall back on if everything else fails lol
Some interesting projects are:
- Hans: http://code.gerade.org/hans/ (based on http://thomer.com/icmptx/)
- Icmptunnel: https://github.com/DhavalKapil/icmptunnel (it is claimed that it is so fast that it is like having no tunnel at all)
- ptunnel: http://www.cs.uit.no/~daniels/PingTunnel/
- Heyoka (using spoofed DNS requests): http://heyoka.sourceforge.net/
- dnscat2 (specifically designed for C&C and exfiltration): https://github.com/iagox86/dnscat2
(and some others, but I think these are the main ones that are worth taking a look at)
There is a VPN project in Japan that is offering VPN-over-ICMP and VPN-over-DNS features, and that is just the beginning:
Look at all the crazy features they are providing, it is simply mindblowing:
Some techniques are more exposed to statistical analysis of traffic and abnormal behavior; Heyoka seems to be more stealthy than the other DNS methods.
There is an interesting talk that addresses covert tunnels, and it may be interesting if these techniques can be tweaked and added to the Safe Network multiprotocol arsenal.