Vulnerability Development mailing list archives

(no subject)


From: 11a () GMX NET (Bluefish)
Date: Sun, 18 Jun 2000 20:42:56 +0200


You CANNOT block someone on the inside from communicating data with the
outside.  It's fairly difficult just detecting such communication if
they don't want you to find it.

Again, probably true.  Maybe not.  For the TCP/IP over DNS, a sudden surge
in DNS traffic would be suspicious.

Covert channels are extremely easy to create, and how to detect them is a
case-to-case task. As on the matter of fooling a censoring proxy, how
about this:

- create a CGI at some site with input url, output the file at the URL.
- output & input encipher (weak cryptography will do the trick ;) to avoid
  the proxy
- make some application which automates the receiving process (an advanced
  script might be enough, hacking one of the open source browsers will do
  as well)

If they ever update their proxy, you do a five minute workaround. (change
the code slightly, change site or something). Seems to me like a race the
proxy developers just cannot win.

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team
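
Added example, not part of the original post: a minimal detector for the "sudden surge in DNS traffic" signal mentioned in the thread, comparing each client's per-minute query count with that client's own earlier baseline. The log format, the sample data, and the WINDOW, FACTOR and MIN_HISTORY values are assumptions made for illustration.

```python
from collections import defaultdict
from statistics import median

WINDOW = 60       # seconds per bucket (assumed)
FACTOR = 5        # alert when count > FACTOR x the client's own baseline (assumed)
MIN_HISTORY = 3   # windows of history needed before judging a client (assumed)

def sample_log():
    """Constructed data: two clients over five minutes; 10.0.0.7 surges in the last."""
    lines = []
    for minute in range(5):
        t0 = 960000000 + minute * WINDOW
        lines += [f"{t0 + i} 10.0.0.5 host{i}.example.com" for i in range(4)]
        burst = 40 if minute == 4 else 3
        lines += [f"{t0 + i} 10.0.0.7 q{i}.example.net" for i in range(burst)]
    return lines

def parse(lines):
    """Yield (epoch, client) from 'epoch client qname' lines (constructed format)."""
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines instead of failing the whole run
        yield int(parts[0]), parts[1]

def find_surges(lines):
    """Return [(client, window_start, count, baseline)] for surging windows."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, client in parse(lines):
        counts[client][ts - ts % WINDOW] += 1
    alerts = []
    for client, buckets in sorted(counts.items()):
        first, last = min(buckets), max(buckets)
        history = []
        # Walk every window, including silent ones, so quiet minutes count.
        for w in range(first, last + WINDOW, WINDOW):
            n = buckets.get(w, 0)
            if len(history) >= MIN_HISTORY:
                base = max(median(history), 1)
                if n > FACTOR * base:
                    alerts.append((client, w, n, base))
                    continue  # keep surge windows out of the baseline
            history.append(n)
    return alerts

if __name__ == "__main__":
    for alert in find_surges(sample_log()):
        print("surge: client=%s window=%d count=%d baseline=%s" % alert)
```

A volume baseline like this only covers the surge case; as the post says, detection beyond that is case-by-case work.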

