-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathMethodDescription.txt
74 lines (74 loc) · 5.16 KB
/
MethodDescription.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
--------------------------------------------------------------------------------
301: Type of Service: 8 bits "aggresive"
https://tools.ietf.org/html/rfc791#page-11
Bits 0-2: Precedence.
Bit 3: 0 = Normal Delay, 1 = Low Delay.
Bits 4: 0 = Normal Throughput, 1 = High Throughput.
Bits 5: 0 = Normal Relibility, 1 = High Relibility.
Bit 6-7: Reserved for Future Use.
0 1 2 3 4 5 6 7
+-----+-----+-----+-----+-----+-----+-----+-----+
| | | | | | |
| PRECEDENCE | D | T | R | 0 | 0 |
| | | | | | |
+-----+-----+-----+-----+-----+-----+-----+-----+
Precedence
111 - Network Control
110 - Internetwork Control
101 - CRITIC/ECP
100 - Flash Override
011 - Flash
010 - Immediate
001 - Priority
000 - Routine
Practise: this field is not tranferable via internet, since is QoS is reseted on borders of ISP. Works only in local networks...
--------------------------------------------------------------------------------
302: same as 301 but using only 2 bits
used: Bit 6-7: Reserved for Future Use.
not used finally, but working
Practise: this field is not tranferable via internet, since is QoS is reseted on borders of ISP. Works only in local networks...
--------------------------------------------------------------------------------
303: https://tools.ietf.org/html/rfc6864
RFC 6864 updated RFC’s 791, 1122, and 2003 to clarify the definition of the IPv4 ID field.
Atomic datagrams: (DF==1)&&(MF==0)&&(frag_offset==0)
Non-atomic datagrams: (DF==0)||(MF==1)||(frag_offset>0)
The IPv4 ID field is thus meaningful only for non-atomic datagrams
Sources emitting non-atomic datagrams MUST NOT repeat IPv4 ID values within one MDL for a given source address/destination address/protocol tuple.
does not repeat within the maximum datagram lifetime (MDL) [RFC791] [RFC1122] which is typically interpreted as two minutes
Practise: this field needs to be changed slowly, but even 10 seconds change make it terribly slow transfer channel, but works over internet.
--------------------------------------------------------------------------------
305: Using IP offset value for transfer and flag MF to indicate that is used.
Value inside offset needs to be %8 == 0, so its hard to use. Some networks dropping fragmented packets. Also very small transfer speeds.
--------------------------------------------------------------------------------
331 alias constant IcmpGenericPing: no steganography, implemented according to RFC
--------------------------------------------------------------------------------
333: using ICMP Identifier 16bit field in EchoRequest (ping) datagram.
Not conflicting with method 335, when selected then left Sequence number untouched.
Practise: good place for steganography, 16 bits, transferable via internet. Some IPS react if this field is changed to offten and too randomly.
--------------------------------------------------------------------------------
335: using ICMP Sequence number 16 bit field in EchoRequest (ping) datagram.
Not conflicting with method 333.
Sequence number is increasing during transmission => should be used only once.
Practise: good place for steganography, 16 bits, transferable via internet. Some IPS react if this field is changed to offten and too randomly.
--------------------------------------------------------------------------------
4xx: TCP
actually not very good place, since there is ony Sequence and Acknumber which is enought big for stego, but is only
initialized once. Implementation of TCP method needs to be done manually and is quite exhausting...
--------------------------------------------------------------------------------
701: no steganography, implemented according to RFC
--------------------------------------------------------------------------------
703: using DNS ID field from https://www.ietf.org/rfc/rfc1035.txt
ID A 16 bit identifier assigned by the program that generates any kind of query. This identifier is copied
the corresponding reply and can be used by the requester to match up replies to outstanding queries.
Practise: very good place, transferable via internet
--------------------------------------------------------------------------------
705: using DNS request but appending DNS response field.
Inside response IP address (32 bit) is coded stego
--------------------------------------------------------------------------------
731: just http get without steganography, originally testing method
--------------------------------------------------------------------------------
733: using steganography to URL field. Making request for some predefined social network and appending to that
already complicated URL some additional stego converted to hex. After that is appended smth like .jpg or similar
so after cut off is there 64 bit string of stego information. Transferable via internet, just easily detectable
since URL is invalid. Server returns 200 OK for that request.
--------------------------------------------------------------------------------