CCTT - Covert Channel Tunneling Tool v0.1.8 - FAQ
Copyright (C) 2002,2003 Simon Castro - scastro@entreelibre.com
$Id: FAQ,v 1.6 2003/08/29 10:11:51 simsim Exp $

================================================================================
This file is part of CCTT - Covert  Channel  Tunneling  Tool  v0.1.8  (C)  Simon
Castro.
CCTT is free software; you can redistribute it and/or modify it under the  terms
of the GNU General Public License as published by the Free Software  Foundation;
either version 2 of the License, or (at your option) any later version.
CCTT is distributed in the  hope  that  it  will  be  useful,  but  WITHOUT  ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS  FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General  Public  License  along  with
CCTT; if not, write to the Free Software  Foundation,  Inc.,  59  Temple  Place,
Suite 330, Boston, MA  02111-1307  USA
================================================================================

Question 1 : I'm using the PERM_USER and  PERM_CHROOT  directives  and  CCTT  is
configured to log on my Syslogd daemon. The CCTT server sends its initialization
messages to the Syslogd but the verbose messages are not recorded in the logs.

Answer 1 : The CCTT server sends its initialization messages to the Syslogd
before it applies the PERM_CHROOT directive and jails the binary, so those
messages are recorded. Once the binary is jailed, the CCTT server still needs
/dev/log to send its verbose messages, but the root has changed: /dev/log now
resolves inside the jail directory, where no log socket exists.

  To solve this problem :
    * Create a dev directory (root:root, 755) in the jail directory.
    * Configure the Syslogd in such a way that it creates the log socket in  the
      dev directory.
      => You can add the flag "-a /path/to/jail/dev/log" for a standard  Syslogd
         or the  flag  "-i  'unix /path/to/jail/dev/log'"  for  a modular-syslog
         daemon.
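
  The two points above can be checked from outside the jail before the server is
  started. The Python script below is an added example and is not part of CCTT;
  the function name check_jail_log_socket and the test message are assumptions.

```python
import os, socket, stat, sys

def check_jail_log_socket(jail, owner=(0, 0)):
    """Return a list of problems that would stop a chrooted daemon from
    reaching syslog. owner is the expected (uid, gid) of jail/dev."""
    dev = os.path.join(jail, "dev")
    log = os.path.join(dev, "log")   # what the jailed process sees as /dev/log
    problems = []
    try:
        st = os.stat(dev)
    except FileNotFoundError:
        return ["missing directory " + dev]
    if not stat.S_ISDIR(st.st_mode):
        return [dev + " is not a directory"]
    if (st.st_uid, st.st_gid) != tuple(owner):
        problems.append("%s owned by %d:%d" % (dev, st.st_uid, st.st_gid))
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o755:
        problems.append("%s has mode %o, expected 755" % (dev, mode))
    try:
        is_sock = stat.S_ISSOCK(os.lstat(log).st_mode)
    except FileNotFoundError:
        return problems + ["missing socket %s (syslogd not listening there)" % log]
    if not is_sock:
        return problems + [log + " exists but is not a socket"]
    # glibc's syslog(3) tries a datagram socket first, then a stream socket.
    last_err = None
    for kind in (socket.SOCK_DGRAM, socket.SOCK_STREAM):
        s = socket.socket(socket.AF_UNIX, kind)
        try:
            s.connect(log)
            # <30> is priority daemon.info; the text is a constructed sample.
            s.send(b"<30>cctt-check: test message via jail log socket")
            return problems
        except OSError as err:
            last_err = err
        finally:
            s.close()
    return problems + ["cannot send to %s: %s" % (log, last_err)]

if __name__ == "__main__":
    found = check_jail_log_socket(sys.argv[1] if len(sys.argv) > 1 else "/path/to/jail")
    print("\n".join(found) or "jail log socket OK")
    sys.exit(1 if found else 0)
```

  If the check passes, the test message should appear in the logs, which
  confirms the Syslogd is reading the socket it created in the jail.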

================================================================================

Question 2 : How do I know  the  timeout  value  to  use  with  the  HTTP  Proxy
directives ?

Answer 2 : The easiest way to find these values is to use a TCP client (telnet,
Netcat, Socat) and to try the connections. You can then see whether the proxy
servers close the connections quickly or not.

================================================================================
