Covert Storage Channel

From Guidance Share

Jump to: navigation, search



The existence of a covert storage channel in a communications channel may release information which can be of significant use to attackers.

Applies To

  • Languages: All
  • Operating platforms: All


An excellent example of covert storage channels in a well known application is the ICMP error message echoing functionality. Due to ambiguities in the ICMP RFC, many IP implementations use the memory within the packet for storage or calculation. For this reason, certain fields of certain packets -- such as ICMP error packets which echo back parts of received messages -- may contain flaws or extra information which betrays information about the identity of the target operating system. This information is then used to build up evidence to decide the environment of the target. This is the first crucial step in determining if a given system is vulnerable to a particular flaw and what changes must be made to malicious code to mount a successful attack.


  • Confidentiality: Covert storage channels may provide attackers with important information about the system in question.


  • Including unnecessary, additional information in a network packet


  • Implementation: Ensure that all reserved fields are set to zero before messages are sent and that no unnecessary information is included.

Vulnerability Patterns

How Tos

Personal tools