icmptunnel: Tunnel IP over ICMP
icmptunnel is a tool to tunnel IP traffic within ICMP echo request and response (ping) packets. It’s intended for bypassing firewalls in a semi-covert way, for example when pivoting inside a network where ping is allowed. It might also be useful for egress from a corporate network to the Internet, although it is quite common for ICMP echo traffic to be filtered at the network perimeter.
While there are a couple of existing tools which implement this technique, it provides a more reliable protocol and a mechanism for tunneling through stateful firewalls and NAT.
Installation
git clone https://github.com/jamesbarlow/icmptunnel.git
The tool uses a plain Makefile to compile and install.
Use make to compile icmptunnel.
Quickstart:
First, disable ICMP echo responses on both the client and server. This prevents the kernel from responding to ping packets itself.
# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
On the server-side, start icmptunnel in server mode, and assign an IP address to the new tunnel interface.
# ./icmptunnel –s
opened tunnel device: tun0
(ctrl-z)
# bg
# /sbin/ifconfig tun0 10.0.0.1 netmask 255.255.255.0
On the client-side, point icmptunnel at the server, and assign an IP address.
# ./icmptunnel <server>
opened tunnel device: tun0
connection established.
(ctrl-z)
# bg
# /sbin/ifconfig tun0 10.0.0.2 netmask 255.255.255.0
At this point, you should have a functioning point-to-point tunnel via ICMP packets. The server side is 10.0.0.1, and the client-side is 10.0.0.2. On the client, try connecting to the server via SSH:
# ssh root@10.0.0.1
Password:
To use the remote server as an encrypted SOCKS proxy:
# ssh -D 8080 -N root@10.0.0.1
Password:
Now point your web browser at the local SOCKS server.
Further Information
See ./icmptunnel -h for a list of options.
Source: https://github.com/jamesbarlow/