Covert Channel: ASCII Art Over ICMP 147
An anonymous reader writes "Have you ever had a particularly lossy Cisco ping, which you were sure was trying to tell you something? I mean, really *tell* you something. Echoart allows you to return a simple ascii art image in response to a Cisco-style ping."
This seems... (Score:5, Insightful)
Re:This seems... (Score:4, Funny)
Re:This seems... (Score:2, Funny)
Re:This seems... (Score:5, Funny)
Back in the day, torch wielding mobs were all the rage.
Re:This seems... (Score:2)
In my day, you could barely get 5 people together. And a flaming torch? Luxury!
Re:This seems... (Score:1)
Re:This seems... (Score:5, Funny)
Re:This seems... (Score:2)
Re:This seems... (Score:5, Interesting)
(The IRC thing - well, a friend of mine used to have ASCII art of a hand throwing the finger. Thus, anyone who fingered him got fingered in return...)
IMHO this does, as parent says, seem like a very cool and very harmless bit of fun screwing with corporate level technology. It would also have a good place in the corporate market - if, say, MS incorporated something similar into Longhorn, it could use a Windows logo as its default reply, or various Linux distros could use a Tux, a BSD demon, or a fedora. Other brand-name companies could work an ASCII version of their logo into it.
(Not to mention, you could also use those 70 lines to advertise - provide your company's contact info, or if you're a hosting company, give your pingers a free list of your latest packages. But how long til someone abuses it? Sure, the goatse guy is OK as net humour, but how long til we're fighting off idiots who want to incorporate spam messages in these ping responses?)
Re:This seems... (Score:2)
Unless you're expecting it, and allow your ping to run for 10,000+ count.
Re:This seems... (Score:2)
This is neat, but definitely something that should be kept in the confines of the machine room.
Re:This seems... (Score:4, Funny)
Re:This seems... (Score:2)
Eh? One minute you're suggesting using it for advertising, the next you're saying you hope it isn't used for spam.
This can't be used
Re:This seems... (Score:3, Funny)
Screm ICMP (Score:5, Funny)
Re:Screm ICMP (Score:2, Funny)
Re:Screw ICMP (Score:2)
Oh, great (Score:5, Funny)
Re:Oh, great (Score:5, Funny)
I, for one, am tired of seeing that guy's ASCII.
Re:Oh, great (Score:5, Funny)
I, for one, am tired of seeing that guy's ASCII.
Oh, come on. It builds character. You never know when it might be your * .
Re:Oh, great (Score:2, Insightful)
Or your O, in the case of the goatse fella.
Re:Oh, great (Score:5, Funny)
Re:Oh, great (Score:3, Insightful)
i'll put 5 on your one of those brainwashed windows idiots, who thinks they should put their computer into "STEALTH" mode. Newsflash idiot, any sufficiently intelligent scanner (eg, nmap) can tell if your machine is there.
I'm not kidding, try it.
Re:Oh, great (Score:2)
Tell me, if my computer silently drops all unsolicited incoming data, how do you tell it's there?
Re:Oh, great (Score:2, Informative)
If a host is not found on the network, the nearest router is expected to send an ICMP "Host Unreachable" message to the sender.
Re:Oh, great (Score:1, Informative)
BECAUSE, GENIUS, SILENTLY DROPPING PACKETS IS CONTRARY TO THE RFC's. If a router is agreeing to pass the packets to the target address, and no reply or rejection or acknowledgement is being returned, then we know that the router believes there is a machine ready to receive the packets. Fyodor has honed nmap's ability to tell whether there is legitimate packet loss, network issues or whatever, of if the machine is using a packet filter. you have been brainwashed by that steve gib
Re:Oh, great (Score:2)
Re:Oh, great (Score:3, Insightful)
(yes I know it was a joke but blocking pings is a good idea)
No it's not. Blocking all ICMP can lead to odd problems. It's fine to block echo-replies that you never requested but blocking all ICMP is dumb.
Re:Oh, great (Score:2)
fun for... (Score:4, Funny)
Re:fun for... (Score:1)
Interesting (Score:5, Funny)
Comment removed (Score:4, Insightful)
Slashdot's RSS feed? (Score:1)
800 Meg of stolen code... (Score:5, Funny)
Re:800 Meg of stolen code... (Score:1)
While this is indeed almost pathetic to think that this may be the only element "gained" from stolen code (if that is even the case) if it is truly all that is gained, it bodes well for Cisco's code security...if they could only keep it from being stolen...again.
From echoart.c... (Score:5, Interesting)
hmm (Score:5, Funny)
nothing special =(
Re:hmm (Score:3, Funny)
hello.jpg (Score:4, Funny)
Re:hello.jpg (Score:1, Funny)
Re:hello.jpg (Score:2, Funny)
Re:hello.jpg (Score:2)
How long do you suppose it'll be before someone starts using this to send an ASCII-art goatse.cx guy in response to pings?
http://www.asciipr0n.com/pr0n/morepr0n/pr0n65.txt [asciipr0n.com]
Not very long at all... =P
Nice (Score:5, Funny)
Re:Nice (Score:1)
Re:Nice (Score:1)
Re:Nice (Score:2)
Thanks! I laughed so loud that people from two offices down from me had to come and see! Now they know I was reading
BTW truly inspired!
ahh.. (Score:5, Funny)
Re:ahh.. (Score:2, Funny)
I'm starting work on... (Score:5, Funny)
Re:I'm starting work on... (Score:4, Funny)
You travel north.
The Grue's lair
You are in the lair of a giant grue. It is dark, and you might be eaten by it.
56H 42V 500X 0C Exits:S>
The grue mauls you with his teeth!
32H 42V 500X 0C Exits:S>
C:\> ping grue
You attack the grue with a vicious ping!
The grue is incapacitated and will slowly die, if not aided.
32H 42V 500X 0C Exits:S>
C:\>
The grue is dead! R.I.P.
You receive 500X! You raise a level!
Finally! (Score:4, Funny)
Oh no... (Score:5, Funny)
Re:ASCII a stupid question... (Score:2)
Send in the trolls! (Score:2)
(Actually, this could almost be useful for a SMTP server as a response to spammers. Almost.)
I'm getting a lot of lossy pings now! (Score:1)
I would be happy (Score:5, Funny)
Re:I would be happy (Score:1)
Maybe we have to ping it to get it display the page?
Did this on port 23, once.. sort of. (Score:5, Interesting)
I, the guy that owned the machine, was figure A. The guy trying to telnet to my machine was figure B. After figure B was reduced to a crater I printed some message along the lines of "you aren't welcome here, go away".
Ran it out of hosts.deny and left it up for quite a while. I was bored, sounded more fun than setting up a firewall like I should have.
It worked surprisingly well, even with the windows telnet client.
Re:Did this on port 23, once.. sort of. (Score:1)
TCP ASCII??? (Score:1)
Yeah, the article is doing this right now... (Score:5, Funny)
44 0 0 33333
44 00 0 33 33
44 4 0 00 3
44 4 00 00 3 33
444 44 0 0 3
44 0 0 3 33
4 00 00 3333
I guess it works!
Re:Yeah, the article is doing this right now... (Score:2)
Argh not another way (Score:5, Funny)
Re:Argh not another way (Score:2, Insightful)
Celebration (Score:2, Funny)
When I see an article here about ASCII art... (Score:2, Funny)
Slashdot, why have you so poisoned my mind??
Ascii art programs out there? (Score:1)
Re:Ascii art programs out there? (Score:2, Informative)
Have a look.
Re:Ascii art programs out there? (Score:1, Informative)
http://www.jdneff.com/ [jdneff.com]
Re:Ascii art programs out there? (Score:1)
www.degraeve.com/gif2txt.shtml [degraeve.com]
Rather I'd suggest trying a real ASCII art editor such as PabloDraw for Windows:
pablo.etoxn.ca/PabloDraw.aspx [etoxn.ca]
mirror (Score:4, Informative)
http://www.unixauthority.com/~fiskeja/mirror/mirro r1.internap.com/echoart/ [unixauthority.com]
I don't need to send a ping, (Score:2)
How about sendmail? (Score:3, Funny)
Building the art (Score:2, Informative)
Re:Building the art (Score:1)
Cisco-style ping? (Score:2)
What is a "Cisco-style" ping? Does it differ from normal ping? I'm guessing it must, as conventional ping prints lines of text, not providing a means of drawing ASCII art.
Re:Cisco-style ping? (Score:2, Informative)
I had to look it up too... (Score:4, Interesting)
The results then get displayed in order, with a dot displayed for every packet that times out and a ! displayed for every packet that actually gets echoed back.
So the upshot of this is that the echo art program isn't actually sending artwork, it's responding to packets or not responding to packets based on the artwork file you give it, which will cause it to draw the art on the other side, the guy doing the pinging.
Neat trick, actually.
Oops... Additional... (Score:3, Interesting)
Cisco style ping: "A '.' is printed for every packet sent and a backspaced '!' for every valid response."
So it prints a . then backspaces over it and prints a ! if it gets a response.
Virgin Mary (Score:4, Funny)
Re:Virgin Mary (Score:1)
simple script (Score:2, Interesting)
tcpdump -lni dc0 'icmp[0] == 8' | \
while read x input x ip x; do \
nemesis-icmp -v -i 0 -S ${ip//:/} -D $input -P $input_file; \
done
substitute hping or whatever your tool of choice is.
and if you want it to only reply to specific OS's then obsd's tcpdump can do it with -o and an extra condition in the script.
-nocfed
Another anonymous P2P idea. (Score:2)
Discuss.
Re:Another anonymous P2P idea. (Score:2)
Re:Another anonymous P2P idea. (Score:1)
Since 'ping www.google.com' is my network test utility of choice, I would not be to happy to see this come down.
Also, the downloader still has to broadcast an IP to make this happen, though I doubt there will be a practical solution to that one, ever.
Re:Another anonymous P2P idea. (Score:2)
I'm not trying to protect the receiver, only the sender. If you look at lawsuits, they target the guys with the files. And anyway, you could choose any host you like that returned ICMP.
Lameness filter encountered. Post aborted! (Score:2, Funny)
Blinded (Score:1)
Ha! Could this work with Spam? (Score:1)
Crop Circles! (Score:2, Funny)
<Tinfoil hat>The aliens have a new way of passing information to the chosen. I saw Mulder ping this site and got a map to the next landing coordiates. If you believe, you can see it.</Tinfoil hat>
Psst. Hey buddy, can I borrow a
where can I get a cisco style ping for RH 7.2? (Score:1)
site doesnt have a configuration script so
it wont run make on my RH 7.2 box.
I have the echoart up and ready to go but
im missing the ping program..
damn!
thanks for any help.
Re:where can I get a cisco style ping for RH 7.2? (Score:1)
Cisco code leak... (Score:1)
I m outta here
ICMP echo packets are very versatile (Score:2)
Re:Why?? Aliens? Reliving youth? (Score:3, Funny)
Generally seems like somebody is deperately trying to hang on to the BBS days.
Well the site is loading as fast as the BBS days so that's somewhat nostalgic right there...
Re:Nothing new ... (Score:2, Informative)
Banner(6) is a *nix program which outputs ASCII art of a string, on the standard output.
This program sends packets in a designated pattern, and it can be used to send ASCII art of any kind, over ICMP.
These two programs have almost nothing in common, except that you could probably use banner to create the art for this program.
Re:Nothing new ... (Score:1)
Someone who probably understood what I meant.
These two programs have almost nothing in common, except that you could probably use banner to create the art for this program.
That was my point. This program doesn't seem to be anything but a slightly sophisticated version of 'banner' that is able to intercept and send packets over a Cisco network. As I said before, nothing new ...
Re:Nothing new ... (Score:3, Insightful)
The part that's in bold is the part that's new.
Cretin.
Re:Nothing new ... (Score:2)
~% apt-get install cowsay
...
~% cowsay Moo
_____
< Moo >
-----
\ ^__^
\ (oo)\_______
(__)\ )\/\
||----w |
|| ||
this revolutioning program also includes the additional utility 'cowthink'.
Fantastic thing, this modern technology!