CCTT - Covert Channel Tunneling Tool v0.1.4 - FAQ
Copyright (C) 2002,2003 Simon Castro - scastro@entreelibre.com
$Id: FAQ,v 1.5 2003/03/23 17:06:53 simsim Exp $

---

  This file is part of CCTT - Covert Channel Tunneling Tool v0.1.4 (C) Simon Castro.
  Cctt is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
  Cctt is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
  You should have received a copy of the GNU General Public License along with Cctt; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

---

Question 1 : I'm using the PERM_USER and PERM_CHROOT directives and CCTT is configured to log to my Syslogd daemon. The CCTT server sends its initialization messages to Syslogd, but the verbose messages are not recorded in the logs.

Answer 1 : The CCTT server sends its initialization messages to Syslogd before it applies the PERM_CHROOT directive and jails the binary, which is why those messages are logged. Once the binary is jailed, the CCTT server still needs /dev/log to send its verbose messages, but the root has changed, so that path no longer leads to the Syslogd socket.

  To solve this problem :
    * Create a dev directory (root:root, 755) in the jail directory.
    * Configure the Syslogd in such a way that it creates the log socket in the dev directory.
      => You can add the flag "-a /path/to/jail/dev/log" for a standard Syslogd or the flag "-i 'unix /path/to/jail/dev/log'" for a modular-syslog daemon.
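
  The steps above can be checked before starting the jailed server. The script below is an added example, not part of CCTT: the function name check_jail_log_socket is hypothetical and /path/to/jail is the placeholder used above. It also catches a socket file that is present but has no Syslogd listening behind it.

```python
import os
import socket
import stat


def check_jail_log_socket(jail, owner_uid=0, owner_gid=0):
    """Return the problems that would stop a process chrooted into
    `jail` from reaching Syslogd through <jail>/dev/log."""
    problems = []
    dev = os.path.join(jail, "dev")
    log = os.path.join(dev, "log")
    try:
        st = os.stat(dev)
    except FileNotFoundError:
        return [f"{dev} does not exist"]
    if not stat.S_ISDIR(st.st_mode):
        return [f"{dev} is not a directory"]
    # The FAQ asks for root:root, 755 on the dev directory.
    if (st.st_uid, st.st_gid) != (owner_uid, owner_gid):
        problems.append(f"{dev} is owned by {st.st_uid}:{st.st_gid}")
    if stat.S_IMODE(st.st_mode) != 0o755:
        problems.append(f"{dev} has mode {stat.S_IMODE(st.st_mode):o}, expected 755")
    try:
        if not stat.S_ISSOCK(os.stat(log).st_mode):
            return problems + [f"{log} exists but is not a socket"]
    except FileNotFoundError:
        return problems + [f"{log} missing: Syslogd is not creating it"]
    # A socket file can outlive the daemon that created it, so connect to it.
    # Syslogd implementations listen with either datagram or stream sockets.
    for kind in (socket.SOCK_DGRAM, socket.SOCK_STREAM):
        s = socket.socket(socket.AF_UNIX, kind)
        try:
            s.connect(log)
            return problems
        except OSError:
            continue
        finally:
            s.close()
    return problems + [f"{log} is a socket but cannot be reached"]


if __name__ == "__main__":
    import sys
    jail_dir = sys.argv[1] if len(sys.argv) > 1 else "/path/to/jail"
    for problem in check_jail_log_socket(jail_dir):
        print("PROBLEM:", problem)
```

  Run it from outside the jail with the jail directory as its only argument; no output means the dev directory and the log socket are in place.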

---

Question 2 : How do I know the timeout value to use with the HTTP Proxy directives ?

Answer 2 : The easiest way to find these values is to use a TCP client (telnet, Netcat, Socat) and try the connections by hand. You can then see whether the proxy servers close the connections quickly or not.

---

