IDS mailing list archives
Re: Detecting covert data channels?
From: jasonj () hotmail com
Date: 8 Jul 2007 09:05:33 -0000
If the data is encoded in the header then it might be very difficult to check for the presence of covert channels. www.2factor.us/tunnel.html has discussed and implemented such a system, wherein a malicious covert channel is established through the unused header fields and the channel is encrypted. One of the solutions (discussed at www.2factor.us/tunnel) for the IPS can be to normalize or enforce policies in the unused header fields. This can prevent the malicious covert channel.
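The normalization idea in the message above, sketched as an added example that is not part of the original post or of the referenced site. Which fields count as "unused" is an assumption made here (the IPv4 reserved flag bit, the four TCP reserved bits, and the urgent pointer when URG is clear); `normalize`, `csum` and `sample_packet` are hypothetical names and the sample packet is constructed.

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum over data (zero-padded to 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def normalize(pkt: bytes):
    """Zero unused IPv4/TCP header fields; return (clean_packet, findings).
    Assumes pkt is exactly one IPv4 packet with no link-layer header."""
    p, findings = bytearray(pkt), []
    ihl = (p[0] & 0x0F) * 4 if p else 0
    if len(p) < 20 or p[0] >> 4 != 4 or ihl < 20 or len(p) < ihl:
        return pkt, ["not a parseable IPv4 packet, left unchanged"]
    ip_changed = bool(p[6] & 0x80)  # reserved bit of the IPv4 flags field
    if ip_changed:
        findings.append("ipv4: reserved flag bit set")
        p[6] &= 0x7F
        p[10:12] = b"\x00\x00"  # header changed: redo the IPv4 checksum
        p[10:12] = struct.pack("!H", csum(bytes(p[:ihl])))
    # Only unfragmented TCP is touched: a fragment lacks the full segment
    # needed to recompute the TCP checksum.
    fragmented = struct.unpack("!H", p[6:8])[0] & 0x3FFF
    if p[9] == 6 and not fragmented and len(p) >= ihl + 20:
        t, before = ihl, len(findings)
        if p[t + 12] & 0x0F:  # 4 reserved bits next to the data offset
            findings.append("tcp: reserved bits set")
            p[t + 12] &= 0xF0
        if not p[t + 13] & 0x20 and any(p[t + 18:t + 20]):  # URG clear
            findings.append("tcp: urgent pointer set without URG")
            p[t + 18:t + 20] = b"\x00\x00"
        if len(findings) > before:  # TCP header changed: redo its checksum
            p[t + 16:t + 18] = b"\x00\x00"
            pseudo = bytes(p[12:20]) + struct.pack("!BBH", 0, 6, len(p) - t)
            p[t + 16:t + 18] = struct.pack("!H", csum(pseudo + bytes(p[t:])))
    return bytes(p), findings

def sample_packet() -> bytes:
    """Constructed IPv4/TCP SYN carrying data in all three unused fields
    (checksums left at zero; normalize() recomputes them after rewriting)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0x8000, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x55, 0x02, 8192, 0, 0x4142)
    return ip + tcp
```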
Current thread:
- Re: Detecting covert data channels? jasonj (Jul 12)
- <Possible follow-ups>
- Re: Detecting covert data channels? jeremy (Jul 17)
- Re: Detecting covert data channels? Eric Hacker (Jul 17)
- Re: Detecting covert data channels? Joff Thyer (Jul 17)