On Fri, 2007-05-04 at 07:26 -0600, Open Phugu wrote:
> > if you deny icmp, you shall burn in hell
> You may burn in hell, but ICMP can be used to infiltrate and exfiltrate data:
> http://www.cs.uit.no/~daniels/PingTunnel/

This looks like it's pretty trivially defeated; bzero()'ing the data portion of the ICMP echo request/response removes the piggybacked data channel. For even more fun, you could overwrite the actual data in the covert channel with a fun message about the Care Bears. Or, for bonus points, some nice Harry Potter slashfic ;-)

- Bert
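
The payload scrubbing described in the reply above, as an added example that is not part of the original message: it zeroes the data portion of an ICMP echo request/reply and recomputes the ICMP checksum, which must be fixed up or the receiver drops the packet. The function names are hypothetical, the buffer is assumed to start at the ICMP header (IP header already stripped), and the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ICMP_ECHO_REPLY   0
#define ICMP_ECHO_REQUEST 8
#define ICMP_HDR_LEN      8   /* type, code, checksum(2), id(2), seq(2) */

/* RFC 1071 Internet checksum over buf[0..len), summing big-endian words. */
static uint16_t inet_checksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    size_t i;
    for (i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((buf[i] << 8) | buf[i + 1]);
    if (i < len)                       /* odd trailing byte is padded with 0 */
        sum += (uint32_t)(buf[i] << 8);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Zero the payload of an ICMP echo request/reply in place and rewrite the
 * checksum. Returns the number of payload bytes cleared, or -1 if the buffer
 * is shorter than an ICMP header or is not an echo message. */
int scrub_icmp_echo(uint8_t *icmp, size_t len)
{
    uint16_t csum;
    if (len < ICMP_HDR_LEN)
        return -1;
    if (icmp[0] != ICMP_ECHO_REQUEST && icmp[0] != ICMP_ECHO_REPLY)
        return -1;                     /* leave other ICMP types untouched */
    memset(icmp + ICMP_HDR_LEN, 0, len - ICMP_HDR_LEN);
    icmp[2] = icmp[3] = 0;             /* checksum field is zero while summing */
    csum = inet_checksum(icmp, len);
    icmp[2] = (uint8_t)(csum >> 8);
    icmp[3] = (uint8_t)(csum & 0xff);
    return (int)(len - ICMP_HDR_LEN);
}

int main(void)
{
    /* Constructed sample: echo request, id 0x1234, seq 1, 7-byte payload. */
    uint8_t pkt[] = { 8, 0, 0, 0, 0x12, 0x34, 0, 1, 's','e','c','r','e','t','!' };
    int n = scrub_icmp_echo(pkt, sizeof pkt);
    printf("cleared %d bytes, checksum %02x%02x\n", n, pkt[2], pkt[3]);
    return 0;
}
```

Zeroing also wipes the timestamp and pattern bytes that ping implementations such as iputils place in the payload, so hosts behind such a filter will see broken round-trip timing or data-mismatch warnings from ordinary ping.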