Covert_TCP
¨http://www.psionic.com/papers/covert
¨Uses TCP and IP headers to create covert channels
¨Data can be hidden in various fields
–IP Identification field
•One character embedded per packet
–TCP sequence number
•One character embedded per SYN request and Reset packets
–TCP acknowledgement number
•One hidden character per packet is relayed by a  “bounce” server
¨Can send data over any TCP source/destination ports
–Can bypass firewall if use ports such as 25 or 53