Covert Channels In IPv6

Marc Heuse mh at
Thu Jun 16 09:55:01 CEST 2011

Hi Rafa,

this is kinda a hopeless thing. I did a quick look at this a year ago -
everything there can be misused as a covert channel.
I even implemented a tool where you can just put data into destination
extension headers with unused options (the type which are ignored if
unknown) - and it bypasses all firewalls (fw-1, cisco asa, netscreen).
its called covert_send6 and can by found in my thc-ipv6 package at

but covert channels in ipv6 are a not so important security topic. a
simple proxy will already secure you from that, and a security
infrastructure which does not have a dmz based on secure application
gateways has a weak security design anyway.
covert channels in uper level protocols that survive security gateways -
thats the important stuff. (and still easy to do)


Am 15.06.2011 14:36, schrieb Rafa Sanchez:
> Hi folks,
> I´ve recently started off a research on IPv6 covert channels.
> It would be nice if anyone of you could give me whatever kind of
> infomation regarding covert Channels in IPv6.
> Greetings and thanks in advance.
> Rafa S.

Marc Heuse
Mobil: +49 177 9611560
Fax: +49 30 37309726

Marc Heuse - IT-Security Consulting
Winsstr. 68
10405 Berlin

Ust.-Ident.-Nr.: DE244222388
PGP: FEDD 5B50 C087 F8DF 5CB9  876F 7FDD E533 BF4F 891A

More information about the ipv6-ops mailing list