Vulnerability Development mailing list archives
Re: Covert Channels
From: "Roland Postle" <mail () blazde co uk>
Date: Mon, 21 Oct 2002 19:04:59 +0100
Blocking covert channels may be futile, but detection is another matter :-). Subverting the covert channel to disinform is left as an excercise for the reader.
It may be impossible to block a covert channel, but it's certainly not futile to try. It's long been accepted that all you can do is limit the bandwidth of the channel. I think someone already mentioned the figure 150 bits/sec. Although that was in relation to compartmentalizing security levels within a multi user system, you could imagine getting to a not too dissimilar figure for an IP link, depending on the amount of cover traffic present. I don't believe it's possible to prevent passwords, or control data being passed to and from a compromised host, but you would, for example, be able to prevent someone smuggling the entire Windows source tree out of Microsoft's network. Whether it's worth the effort in any but the most tightly controlled national security critical environments is another matter. - Blazde
Current thread:
- Covert Channels Jeremy Junginger (Oct 16)
- Re: Covert Channels kam (Oct 16)
- Re: Covert Channels Valdis . Kletnieks (Oct 17)
- RE: Covert Channels Ofir Arkin (Oct 18)
- RE: Covert Channels Michal Zalewski (Oct 18)
- Re: Covert Channels David Litchfield (Oct 18)
- Re: Covert Channels Michal Zalewski (Oct 18)
- RE: Covert Channels Ofir Arkin (Oct 19)
- RE: Covert Channels Michal Zalewski (Oct 19)
- Re: Covert Channels Dragos Ruiu (Oct 21)
- Re: Covert Channels Roland Postle (Oct 22)
- Re: Covert Channels Valdis . Kletnieks (Oct 17)
- Re: Covert Channels kam (Oct 16)
- RE: Covert Channels Roland Postle (Oct 21)
- Re: Covert Channels Roland Postle (Oct 17)
- RE: Covert Channels Jeff Nathan (Oct 19)
- RE: Covert Channels Dom De Vitto (Oct 19)