With the rapid development of information and network technology, and its continuous penetration into the military realm, the computer network is becoming the hinge of the future information battlefield. Computer-network-based attack and defense has drawn great attention. Some attacks on computers can obtain valuable intelligence that other weapon systems can never achieve.

Network covert channels have been widely used for network attacks. By definition, a covert channel involves hiding information in a medium that is not usually used for any form of information transfer. Covert channels use resources that are often perceived as safe and unable to carry data to hide a covert payload. Therefore, through a network covert channel, hackers can easily penetrate firewalls and bypass IDSs.

Although all levels of the TCP/IP model are vulnerable to covert channel operations, this dissertation identified the Application Layer as the most vulnerable level. Of the commonly used protocols, SMTP, DNS and HTTP have been recognized as those that may carry hidden payloads in and out of secure perimeters. Due to HTTP's inherent advantage, this dissertation investigated covert channel operations under HTTP.

This dissertation describes a new approach for covert channel communications under HTTP in the Microsoft Windows environment. By using Windows messaging to hijack and control applications that have network access, we build a network covert channel that can bypass network firewalls and IDSs.

The thesis structure is as follows:

Firstly, this dissertation investigates the message structure of HTTP in detail and provides general models and methods for covert channel operations.

Secondly, this dissertation studies the message structure of the Microsoft Windows system. Further, we investigate the message mechanism of the Microsoft Windows system.

Then, we give a high-level overview and the details of the proposed prototype.

Finally, we test the prototype in an environment that uses Snort as the IDS and Symantec AntiVirus and SkyNet as the firewall. In addition, according to the results, we analyse the performance of this prototype.

In summary, we hope this dissertation can contribute to the advancement of firewalls and IDSs.