No announcement yet.

Stealth data dispersal:ICMP moon-bounce

  • Filter
  • Time
  • Show
Clear All
new posts

  • Stealth data dispersal:ICMP moon-bounce

    I was reading this presentation which was in Defcon 10( I didn't go).. and I have a question because I think I am missing on something but not sure what:

    How does computer B know to ACK A and not anyother computer on the network. That taking into consideration the fact that the initial packet from A to computer Victim V is a "spoofed echo request (with B's Src Address).......
    thus the packet doesn't have SRc address as being A.....
    Will the address that B will ack back to in this case be part of the key? and if so doesn't this suppose you have modified the behaviour of computer B to respond differently to ICMP requests to accomodate the "fact that the address to ACK back to will be in the data section?"...
    Doesn't this in sequence make the reaction predictable , thus detectable thus not stealth anymore?

    The paper is here by the way:
    under Defcon 10, privacy/anonymity
    "Everything that's countable doesn't necessarily count. What counts isn't necessarily countable."
    Albert Einstein