Covert channel communication is one of the most sophisticated evasion techniques described in CEH v13 Evasion Techniques. By embedding malicious data within unused or rarely inspected protocol fields (such as IP headers), attackers can bypass firewalls, IDS, and IPS systems entirely.
Unlike polymorphic malware (Option C), which can still be detected using behavior analysis, covert channels blend seamlessly into legitimate traffic. Packet fragmentation (Option D) is well-known and often mitigated. Honeypot spoofing (Option B) is rare and defensive in nature.
CEH v13 emphasizes that covert channels are difficult because:
They do not violate protocol specifications
They evade signature-based and stateful inspection
They appear as normal traffic
Detecting covert channels often requires deep protocol analysis and statistical traffic inspection, making them extremely challenging to mitigate.
Thus, Option A is the correct answer.
