Full Disclosure mailing list archives
RE: Interesting idea for a covert channel or I justdidn't research enough?
From: "Paul Melson" <pmelson () gmail com>
Date: Thu, 6 Oct 2005 13:59:56 -0400
-----Original Message-----
I bring this up because the logs generated by the firewall do not
necessarily reside
only on the device that received the sender's packets. With lots of
organizations
working on centralizing log events so that they can correlate findings
from different
platforms, the ability to control the content of portions of log messages
(say, for
example, the source address reported in a syslog message indicating a
dropped packet)
could provide a vector for communicating to highly trusted systems to
which one has no
direct network access.
The problem with this type of hiding-in-plain-sight covert channel is that it is subject to modification between sender and recipient, in this specific case making the victim the man in the middle. An aware victim could quickly become an attacker. The malware applications of this are moderately interesting but the implications of this type of communication model in espionage are extremely interesting. All sorts of implications and impacts (for instance, a double agent might intentionally use this type of communication because it's easily intercepted and modified). I would guess that if there is a book on covert channels for spies out there, this is in the chapter of things NOT to do. PaulM _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Interesting idea for a covert channel or I just didn't research enough? PASTOR ADRIAN (Oct 06)
- Re: Interesting idea for a covert channel or I justdidn't research enough? phased (Oct 06)
- Re: Interesting idea for a covert channel or I just didn't research enough? Bernhard Mueller (Oct 06)
- Re: Interesting idea for a covert channel or I just didn't research enough? Mario 'BitKoenig' Holbe (Oct 06)
- Re: Interesting idea for a covert channel or I just didn't research enough? Michael Holstein (Oct 06)
- Re: Interesting idea for a covert channel or I just didn't research enough? Kevin Wilcox (Oct 06)
- Re: Interesting idea for a covert channel or I just didn't research enough? mudge (Oct 06)
- Re: Interesting idea for a covert channel or I just didn't research enough? foofus (Oct 06)
- Re: Interesting idea for a covert channel or I just didn't research enough? mudge (Oct 06)
- RE: Interesting idea for a covert channel or I justdidn't research enough? Paul Melson (Oct 06)
- Re: Interesting idea for a covert channel or I just didn't research enough? foofus (Oct 06)
- Re: Interesting idea for a covert channel or I just didn't research enough? Jurjen Oskam (Oct 06)
- RE: Interesting idea for a covert channel or I justdidn't research enough? Aditya Deshmukh (Oct 07)
- Re: Interesting idea for a covert channel or I justdidn't research enough? Thierry Zoller (Oct 08)
- Re: Interesting idea for a covert channel or I justdidn't research enough? Jurjen Oskam (Oct 08)
- RE: Interesting idea for a covert channel or I justdidn't research enough? Aditya Deshmukh (Oct 07)
- Re: Interesting idea for a covert channel or I just didn't research enough? Michael Holstein (Oct 06)
- Re: Interesting idea for a covert channel or I just didn't research enough? Frank Knobbe (Oct 06)
- Re: Interesting idea for a covert channel or I just didn't research enough? Bill Weiss (Oct 06)
- Re: Interesting idea for a covert channel or I just didn't research enough? Frank Knobbe (Oct 06)