• Uses TCP and IP headers to create covert channels
• Data can be hidden in various fields
  – IP Identification field
    • One character embedded per packet
  – TCP sequence number
    • One character embedded per SYN request and Reset packets
  – TCP acknowledgement number
    • One hidden character per packet is relayed by a “bounce” server
• Can send data over any TCP source/destination ports
  – Can bypass a firewall if ports such as 25 or 53 are used
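
A defender's view of the three fields listed above, as an added example that is not part of the original slides: it pulls the IP Identification, TCP sequence and TCP acknowledgement values out of raw IPv4 packets and flags a flow in which one of them carries a single printable byte per packet. The slides do not say how the character is placed in the field, so the "one byte in a fixed position, remaining bytes zero" test is an assumption, as are all function names; the packets are constructed samples.

```python
import struct

MIN_PKTS = 4                                   # assumed minimum flow length before judging
WIDTHS = {"ip_id": 2, "seq": 4, "ack": 4}      # field sizes in bytes

def parse_fields(pkt):
    """Extract IP ID, TCP sequence and TCP acknowledgement numbers from a raw IPv4 packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:   # IPv4 carrying TCP only
        return None
    ihl = (pkt[0] & 0x0F) * 4                  # IP header length; TCP header starts here
    if ihl < 20 or len(pkt) < ihl + 20:
        return None
    seq, ack = struct.unpack_from("!II", pkt, ihl + 4)
    return {"ip_id": struct.unpack_from("!H", pkt, 4)[0], "seq": seq, "ack": ack}

def looks_like_text(values, width):
    """Assumed heuristic: every value is one printable byte in the same position, rest zero."""
    if len(values) < MIN_PKTS:
        return False
    for shift in range(0, width * 8, 8):
        if all(v == (v & (0xFF << shift)) and 0x20 <= (v >> shift) <= 0x7E for v in values):
            return True
    return False

def suspicious_fields(packets):
    """Names of header fields that behave like a one-character-per-packet carrier."""
    parsed = [f for f in map(parse_fields, packets) if f]
    return [n for n, w in WIDTHS.items() if looks_like_text([p[n] for p in parsed], w)]

def make_packet(ip_id, seq, ack=0, flags=0x02):
    """Constructed 40-byte IPv4+TCP SYN header (checksums zeroed, documentation addresses)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 25, seq, ack, 0x50, flags, 512, 0, 0)
    return ip + tcp

# Constructed sample flows, not captures.
BENIGN = [make_packet(0x1A2B + i, (0x9E3779B9 * (i + 1)) & 0xFFFFFFFF) for i in range(6)]
ID_FLOW = [make_packet(ord(c) << 8, (0x5F3A9C01 + i * 7919) & 0xFFFFFFFF)
           for i, c in enumerate("sample")]
SEQ_FLOW = [make_packet(0x1A2B + i, ord(c) << 24) for i, c in enumerate("sample")]

if __name__ == "__main__":
    for name, flow in (("benign", BENIGN), ("ip-id", ID_FLOW), ("seq", SEQ_FLOW)):
        print(name, suspicious_fields(flow))
```

A normal stack spreads these values across the whole 16-bit or 32-bit field, which is why the benign flow is not flagged; a sender that scales or scrambles the character would need a statistical test instead of this exact-byte check.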