Covert communications on Linux
Secret Tunnels

Moving data to and from Linux systems under the radar.
We have all been there: You plug in or connect to the wireless network, and it doesn't work right. Then you try to ssh to your server and you get "connection failed." Trying to connect to your mail server on port 25 using TLS (Transport Layer Security, aka encryption) leaves you staring at the banner for the local ISP's mail proxy, or you get another failed connection. But all is not lost – at least you can surf the web. Unfortunately, every time you mistype a URL, you end up at the ISP's search page, and anything with questionable content, such as hacking, is blocked.
At this point, you have two choices: find a good book to read, or use VPN software to get a connection to a remote host by bypassing whatever breakage or filtering is occurring. However, some of the really evil – or just plain incompetent – ISPs also block common VPN software and SSH in an effort to prevent unfettered Internet access through their networks. Much like trying to stop a cat from getting into a cardboard box, if you try to prevent geeks from doing something, the chances are they will only try that much harder.
If you can pass any form of data to a remote system (IPSec, SSH, http, instant messages, smoke signals), then you can use that channel to carry anything you want. An ISP can only block or filter so much traffic before it becomes completely unusable. The trick is to find a network protocol that is allowed and that is not modified (much) on the fly and that can do this with existing software that lets you tunnel data over the top of it.
[...]
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

News
-
Wayland 1.24 Released with Fixes and New Features
Wayland continues to move forward, while X11 slowly vanishes into the shadows, and the latest release includes plenty of improvements.
-
Bugs Found in sudo
Two critical flaws allow users to gain access to root privileges.
-
Fedora Continues 32-Bit Support
In a move that should come as a relief to some portions of the Linux community, Fedora will continue supporting 32-bit architecture.
-
Linux Kernel 6.17 Drops bcachefs
After a clash over some late fixes and disagreements between bcachefs's lead developer and Linus Torvalds, bachefs is out.
-
ONLYOFFICE v9 Embraces AI
Like nearly all office suites on the market (except LibreOffice), ONLYOFFICE has decided to go the AI route.
-
Two Local Privilege Escalation Flaws Discovered in Linux
Qualys researchers have discovered two local privilege escalation vulnerabilities that allow hackers to gain root privileges on major Linux distributions.
-
New TUXEDO InfinityBook Pro Powered by AMD Ryzen AI 300
The TUXEDO InfinityBook Pro 14 Gen10 offers serious power that is ready for your business, development, or entertainment needs.
-
LibreOffice Tested as Possible Office 365 Alternative
Another major organization has decided to test the possibility of migrating from Microsoft's Office 365 to LibreOffice.
-
Linux Mint 20 Reaches EOL
With Linux Mint 20 at its end of life, the time has arrived to upgrade to Linux Mint 22.
-
TuxCare Announces Support for AlmaLinux 9.2
Thanks to TuxCare, AlmaLinux 9.2 (and soon version 9.6) now enjoys years of ongoing patching and compliance.