I recently came across a topic of network steganography, mostly connected with modifying the headers of IP, TCP, ICMP. I was looking for some real-world examples of malware that uses it. I only found two ICMP related examples - Nanolocker and Pingback. But I have a hard time finding ones connected with IP and TCP.

Do you know any examples?

roffensive
  • Not to say that such malware doesn't exist, but because modifying arbitrary TCP headers likely isn't possible without using a custom TCP stack, which is complicated and reasonably large, it's likely not a common technique. ICMP-based techniques are likely more common because ICMP is not usually stateful, unlike TCP. – bk2204 Jun 13 '21 at 20:40
  • Are you looking for *any* network steg, or steg that uses TCP/IP, specifically? There is network steg that uses HTTP and DNS. – schroeder Jun 14 '21 at 18:45

1 Answer

There are plenty of such examples - see, e.g., a list maintained by Dr. Luca Caviglione (CNR).

There are also some previous examples mentioned in publications:

schroeder
WoYtek
  • Please do not post just the links. Include the relevant parts of the links in your answer here. Caviglione's list does not include TCP/IP steg. The papers you list do not have obvious examples, so it is difficult to see how they answer the question. If you included the relevant data from the links, then we don't waste time trying to find what you originally saw. – schroeder Jun 14 '21 at 18:50