ptunnel-ng
Investigate/Fix Cryptographic issues
As mentioned by @cdpxe in #16: Some important points have to be investigated and fixed (see: https://onlinelibrary.wiley.com/doi/full/10.1002/sec.1471):
- Sniffing of header/payload: The payload is usually SSH/VPN/stunnel based and encrypted. But it is still possible to do a payload or timing analysis to detect the encapsulated protocol. Also the header is not encrypted and therefore can leak important data to middleboxes.
- Man-in-the-middle attack: Data sent/received is neither authenticated nor integrity-checked - header/payload data can be modified ad libitum. The client/server has no chance to discover such cases.
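The second point (no authentication or integrity check on header or payload) is the one a receiver can actually detect once a keyed MAC and a sequence number are added to each tunnel packet. The following is an added illustration, not code from ptunnel-ng: it uses a made-up header layout (magic, sequence, identifier, flags, length) and a constructed magic value, appends an HMAC-SHA256 tag over header plus payload, and on receipt rejects packets whose tag does not verify or whose sequence number is not strictly increasing. The key is a pre-shared secret here; how ptunnel-ng would distribute it is not part of the example.

```python
import hashlib
import hmac
import struct

# Hypothetical framing for illustration only (NOT ptunnel-ng's real packet format):
#   magic (4) | seq (4) | ident (4) | flags (1) | payload length (2) | payload | tag (32)
HDR = struct.Struct("!IIIBH")
TAG_LEN = hashlib.sha256().digest_size
DEMO_MAGIC = 0x50544E47  # constructed placeholder ("PTNG"), not the project's constant


def seal(key: bytes, seq: int, ident: int, flags: int, payload: bytes) -> bytes:
    """Build a packet whose header AND payload are covered by an HMAC tag.

    Covering the header means a middlebox cannot silently rewrite fields such as
    the identifier or flags; the sequence number in the header is what lets the
    receiver detect replays.
    """
    header = HDR.pack(DEMO_MAGIC, seq, ident, flags, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def open_packet(key: bytes, packet: bytes, last_seq: int):
    """Verify a packet; return (seq, ident, flags, payload) or None if it must be dropped."""
    if len(packet) < HDR.size + TAG_LEN:
        return None  # truncated: cannot even hold header + tag
    header = packet[:HDR.size]
    payload = packet[HDR.size:-TAG_LEN]
    tag = packet[-TAG_LEN:]

    # Verify the tag first, in constant time, before trusting any header field.
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # modified in transit (or wrong key)

    magic, seq, ident, flags, length = HDR.unpack(header)
    if magic != DEMO_MAGIC or length != len(payload):
        return None  # malformed even though authenticated
    if seq <= last_seq:
        return None  # replayed or reordered old packet
    return seq, ident, flags, payload


def demo():
    """Return (genuine_accepted, tampered_rejected, replay_rejected) for a constructed exchange."""
    key = b"\x11" * 32  # constructed pre-shared key for the demo
    pkt = seal(key, seq=1, ident=0x1234, flags=0, payload=b"ssh payload bytes")

    genuine = open_packet(key, pkt, last_seq=0)

    # A middlebox flips one bit inside the ident field (header offset 8).
    tampered = bytearray(pkt)
    tampered[8] ^= 0x01
    modified = open_packet(key, bytes(tampered), last_seq=0)

    # The same genuine packet presented again after seq 1 was already accepted.
    replayed = open_packet(key, pkt, last_seq=1)

    return genuine is not None, modified is None, replayed is None


if __name__ == "__main__":
    print(demo())
```

This only addresses tampering and replay; the first point (header visible to middleboxes) additionally needs the header encrypted, which a MAC alone does not provide, so a real fix would pair the tag with encryption (an AEAD construction) rather than stop here.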
One more comment: I believe that a low-hanging fruit would be to implement the magic number as described in section 5.1 of our paper. This will already prevent several rules (e.g. Snort rules) from working correctly as they simply filter for the magic number :) It would then also make it easier to prevent rule-based blocking of the ping tunnel traffic.