Vulnerability Development mailing list archives
RE: Covert Channels
From: Anton Aylward <aja () si on ca>
Date: 23 Oct 2002 17:23:13 -0400
On Wed, 2002-10-23 at 16:29, Michal Zalewski wrote:
On Wed, 23 Oct 2002, Richard Masoner wrote:In the Trusted Systems world, covert channel analysis and detection is something that is done, and in that community it's considered science, not snake oil.The discussion, as far as I recall, is about typical (n)IDS implementations that protect regular servers, trying to detect any hidden data streams established between two network endpoints. There are only two cases where this kind of detection would be useful compromised internal host, or a hostile user. Whether it makes sense to discuss and/or deploy this functionality, is one of the subjects of the discussion.
Quite so. If you think of something like frequency-agile radio, we have the case of a covert channel where neither endpoint is "compromised" and the purpose of the technology in this case is to remain undetectable (by the channels being barely above background noise) and untappable (since something like a one-time pad is used to control channel switching). /anton
Current thread:
- Re: Covert Channels, (continued)
- Re: Covert Channels FX (Oct 17)
- RE: Covert Channels Jeremy Junginger (Oct 18)
- RE: Covert Channels Chris Anley (Oct 22)
- RE: Covert Channels Frank Knobbe (Oct 23)
- RE: Covert Channels Michal Zalewski (Oct 23)
- RE: Covert Channels Richard Masoner (Oct 23)
- RE: Covert Channels Omar Herrera (Oct 23)
- Re: Covert Channels Timothy J. Miller (Oct 23)
- Re: Covert Channels David Wagner (Oct 24)
- RE: Covert Channels Michal Zalewski (Oct 23)
- RE: Covert Channels Brooke, O'neil (EXP) (Oct 23)
- RE: Covert Channels Anton Aylward (Oct 23)
- RE: Covert Channels Michal Zalewski (Oct 23)
- Re: Covert Channels Jose Nazario (Oct 24)
- Re: Covert Channels David Wagner (Oct 24)