Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/cdpxe/NELphase

Network Environment Learning (NEL) Phase for Covert Channels (with a Feedback Channel)
https://github.com/cdpxe/NELphase

covert-channel firewall firewalls information-hiding network-security network-steganography performance-analysis research research-paper research-project research-tool scientific-publications security-tools steganography

Last synced: about 2 months ago
JSON representation

Network Environment Learning (NEL) Phase for Covert Channels (with a Feedback Channel)

Host: GitHub
URL: https://github.com/cdpxe/NELphase
Owner: cdpxe
License: gpl-3.0
Created: 2017-05-04T08:51:13.000Z (over 7 years ago)
Default Branch: master
Last Pushed: 2024-10-29T18:40:52.000Z (3 months ago)
Last Synced: 2024-11-18T16:57:11.770Z (about 2 months ago)
Topics: covert-channel, firewall, firewalls, information-hiding, network-security, network-steganography, performance-analysis, research, research-paper, research-project, research-tool, scientific-publications, security-tools, steganography
Language: C
Homepage: http://ih-patterns.blogspot.de/p/nel-tool.html
Size: 95.7 KB
Stars: 3
Watchers: 3
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
- Citation: CITATION.cff

Awesome Lists containing this project

awesome-hacking-lists - cdpxe/NELphase - Network Environment Learning (NEL) Phase for Covert Channels (with a Feedback Channel) (C)

README

# Network Environment Learning (NEL) Phase for Covert Channels (incl. a Feedback Channel and Warden Simulator).

In *Network Steganography* research, a covert channel is a stealthy communication channel. Some covert channels are capable of performing a so-called [**Network Environment Learning** phase](https://www.researchgate.net/publication/229091999_The_Problem_of_Traffic_Normalization_Within_a_Covert_Channel%27s_Network_Environment_Learning_Phase?ev=srch_pub&_sg=yiWm%2Fl1DEUeQDayeMTW0oEMG5Uyxo4zfcmAAOkr6NkJtTx6g7xucnaWMAIFkzvlq_n6tx%2Fpj8MwJkZ%2FDhSCYZtVcY3G8XFjtuD0wGGY97liDms58KUp77JmWf%2F2uLjaFg_9rtZQe80mfDWVt%2BOxdHhJvIgvvSP8%2FJUpvi9Tx32b%2BASAG60z5JBglEJw%2Fx0RbUK) (or: **NEL** phase). Such covert channels can determine how data can be covertly exchanged in a way that countermeasures (firewalls, traffic normalizers, active wardens) can be bypassed.

For instance, a typical covert channel technique is to embed secret data in reserved or unused bits of protocol headers. A typical firewall filter could simply clear the bit to prevent such a covert channel. During the NEL phase, communicating covert channel peers can determine such a filter rule and switch to alternative covert channels.

Although the NEL phase was originally discussed in academia about ten years ago, *no implementation was made available by other researchers*. With *NEL*, **we provide the first public implementation of a NEL phase** on the basis of *scapy* and *libpcap*. In addition, NEL can simulate the influence of regular (static), dynamic and adaptive wardens on the NEL phase. NEL is written in C and runs best under Linux.

**Requirements:**

- Scapy must be installed
- gcc and make
- pcap library, incl. libpcap-dev, must be installed
- pthreads library

**Documentation:** Please have a look at the *[documentation](https://github.com/cdpxe/NELphase/blob/master/documentation/README.md)*.

**My open online class on Network Covert Channels:** available [here](https://github.com/cdpxe/Network-Covert-Channels-A-University-level-Course).

**Other Covert Channel Tools:** See my repository on [network covert channel tools](https://github.com/cdpxe/NetworkCovertChannels).

**Feedback:** Please send requests and feedback to the author ([Steffen Wendzel](https://www.wendzel.de)).