Bypassing Firewalls Using ICMP-Tunnel

On a computer network, a user may not feel comfortable with all the security measures in place (firewalls, proxy servers, router access lists…). These measures are very important for protecting users, but even when all these perimeter controls are installed there is still a good opportunity to bypass them.

Usually there are some standard protocols that are allowed on any network (HTTP/HTTPS, SMTP, POP…), and even for these protocols traffic does not go directly to the outside network: it passes through NAT over gateways that scan and block non-legitimate packets.

The ICMP protocol is used by system administrators to send error messages indicating, for instance, that a requested service is not available or that a host or router could not be reached. Since ICMP is required and does not cause a big threat from the security perspective, you can find it enabled on most networks.

There are now many programs that allow a user to create an ICMP tunnel for full access to the Internet, such as Simple ICMP tunnel, ICMP Shell and PingTunnel. ICMP tunneling works by injecting arbitrary data into an echo packet sent to a remote computer. The remote computer replies in the same manner, injecting an answer into another ICMP packet and sending it back. As a result, the client performs all communication using ICMP echo request packets.

What I suggest is to use Ping Tunnel (ptunnel) by Daniel Stødle, which provides the following functionality:

* Tunnels TCP using ICMP echo request and reply packets
* Connections are reliable
* Handles multiple connections
* Acceptable bandwidth (150 kb/s downstream and about 50 kb/s upstream)
* Authentication to prevent others from using the proxy

You will need two machines running ptunnel: one is the client and the second is the ICMP proxy server. On the client:

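# ./ptunnel -p <proxy address> -lp <listen port> -da <destination address> -dp <destination port> [-c <network device>] [-v <verbosity>] [-f <logfile>] [-u] [-x password]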

On the proxy server:

# ./ptunnel [-c <network device>] [-v <verbosity>] [-f <logfile>] [-u] [-x password]

For example:

# ./ptunnel -p 192.168.X.X -lp 4567 -da HomeserverIP -dp 80

Do not forget to configure your browser's proxy settings to localhost on port 4567 and to set the password on both sides for authentication. You can use ptunnel for other TCP protocols such as SSH or POP; the most important thing is to change the port value accordingly. The only negative point of ICMP tunneling is that the bandwidth is not perfect, but it is acceptable.
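Seen from the monitoring side, the echo request/reply behaviour described above is itself a detection signal: a normal echo reply returns the request's data unchanged, while a tunnel puts different data in each direction. The following is an added example, not part of the original post or of ptunnel, that flags such exchanges. The `(src, dst, icmp_bytes)` input format, the 64-byte payload threshold and the sample addresses are assumptions made for illustration.

```python
import struct
from collections import defaultdict

ECHO_REPLY, ECHO_REQUEST = 0, 8

def parse_icmp_echo(icmp: bytes):
    """Return (type, ident, seq, payload) for an ICMP echo message, else None."""
    if len(icmp) < 8:
        return None
    icmp_type, code, _cksum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type not in (ECHO_REQUEST, ECHO_REPLY) or code != 0:
        return None
    return icmp_type, ident, seq, icmp[8:]

def find_tunnel_suspects(packets, max_payload=64):  # 64 is an assumed threshold
    """packets: (src, dst, icmp_bytes) in capture order -> {(requester, responder): [reasons]}."""
    pending = {}                  # (requester, responder, ident, seq) -> request payload
    findings = defaultdict(set)
    for src, dst, raw in packets:
        parsed = parse_icmp_echo(raw)
        if parsed is None:
            continue
        icmp_type, ident, seq, payload = parsed
        pair = (src, dst) if icmp_type == ECHO_REQUEST else (dst, src)
        if len(payload) > max_payload:
            findings[pair].add("oversized payload")
        key = pair + (ident, seq)
        if icmp_type == ECHO_REQUEST:
            pending[key] = payload
        elif key not in pending:
            findings[pair].add("unsolicited reply")
        elif pending.pop(key) != payload:
            # RFC 792: an echo reply must return the request's data unchanged.
            findings[pair].add("reply payload differs from request")
    return {pair: sorted(reasons) for pair, reasons in findings.items()}

def build_echo(icmp_type, ident, seq, payload):
    # Helper for the constructed samples; checksum is 0 (not validated above).
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload

# Constructed sample traffic: one ordinary ping, one tunnel-like exchange.
SAMPLE = [
    ("10.0.0.5", "10.0.0.1", build_echo(8, 1, 1, b"abcdefgh" * 4)),
    ("10.0.0.1", "10.0.0.5", build_echo(0, 1, 1, b"abcdefgh" * 4)),
    ("10.0.0.7", "203.0.113.9", build_echo(8, 9, 1, b"tunnelled request bytes " * 5)),
    ("203.0.113.9", "10.0.0.7", build_echo(0, 9, 1, b"tunnelled response bytes" * 5)),
]

print(find_tunnel_suspects(SAMPLE))
```

Legitimate large pings, for example path-MTU tests, will trip the size check, so the payload mismatch is the stronger of the two signals.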


Pinoy

Just found an app for Android that can create a VPN connection using ICMP or ping. It is called DroidVPN http://droidvpn.com/