Re: huawei

[Scott Helms <khelms () zcorum com>]

Really? In a completely controlled network then yes, but not in a
production system.  There is far too much random noise and actual latency
for that to be feasible.
On Jun 14, 2013 7:35 PM, "Jimmy Hess" <mysidia () gmail com> wrote:

> On 6/14/13, Scott Helms <khelms () zcorum com> wrote:
>
> > backdoors (intentional or not) are in most if not all gear.  Having said
> > that, it would still be pretty obvious in mass and over time to have
> > packets going to a predesignated host.  Its not really possible for a box
> > to know whether its in a "real" network or a lab with Spirent or other
> > traffic generator hooked to it.
>
> It wouldn't have to send packets to a predefined host.
>
> Conceivably,  it could leak  bits of information by modulating the
> timing of packets forwarded by it,  the spacing in times of packets
> from simple legitimate HTTP,  DNS, or ICMP response,  from behind the
> router,  for protocols involving multiple RTTs,  could be   used to
> encode bits of information to be transmitted covertly.
>
> ;   furthermore,  the signalling  to start communicating over the
> "timing based" hidden channel,   could be established   in various
> ways that would thoroughly disguise the malicious nature of the
> attacker's signalling.
>
> --
> -JH