Covert channels are used as a means of secretly transferring information when there is a need to hide the fact that communication is taking place. With the vast amount of traffic on the internet, network protocols have become a common vehicle for covert channels, typically hiding information in the header fields of packets. Domain name service (DNS) packets contain a 32-bit time to live (TTL) field for each response record. This is the number of seconds the entry is valid for before caching servers remove the entry. There is no prescribed value for this field, making it an ideal covert carrier.
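To show where that field sits on the wire, the following added example (not code from the paper) parses a DNS response and collects the TTL of each record per name and type, which is the raw material a monitor would need to review TTL values. The function names and the `example.test` sample message are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

def read_name(msg, off):
    """Decode a (possibly compressed) domain name; return (name, next offset)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:              # compression pointer
            end = off + 2 if end is None else end
            off = ((length & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:                        # malformed input: pointer loop
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def record_ttls(msg):
    """Return [(name, rtype, ttl)] for every resource record in a response."""
    _id, _flags, qd, an, ns, ar = struct.unpack_from("!6H", msg, 0)
    off = 12
    for _ in range(qd):                          # skip the question section
        off = read_name(msg, off)[1] + 4         # QTYPE + QCLASS
    out = []
    for _ in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        if rtype != 41:                          # EDNS OPT reuses the TTL bytes for flags
            out.append((name, rtype, ttl))
    return out

def ttl_values_seen(responses):
    """Group the TTLs observed per (name, type) across several responses."""
    seen = defaultdict(list)
    for msg in responses:
        for name, rtype, ttl in record_ttls(msg):
            seen[(name, rtype)].append(ttl)
    return dict(seen)

def sample_response(ttl):
    """Constructed sample: one A record for example.test carrying the given TTL."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    question = b"\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes([192, 0, 2, 1])
    return header + question + answer
```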

Date of creation, presentation, or exhibit



Presented at the 2012 International Conference on Security and Management, Las Vegas, NV, July 16-19.

Document Type

Conference Paper

Department, Program, or Center

Information Sciences and Technologies (GCCIS)


RIT – Main Campus