Vulnerability Development mailing list archives

Re: Covert Channels

From: Blue Boar <BlueBoar () thievco com>
Date: Wed, 23 Oct 2002 10:28:51 -0700

Jose Nazario wrote:

for the reasons clearly stated by several bright individuals on this topic
previously, any product which claims to detect and defeat covert channels
on a network (or even a multiuser system) is snake oil.

No more than an IDS vendor. An IDS does not stop, or even detect, allintrusions. A covert channel detector would be the same thing (and wouldprobably just be an IDS add-on.) That is, it would detect known covertchannel methods, might have some logic to detect some possible unknownattempts. It would have frequent signature updates, etc... you know the drill.

If someone thinks an IDS is useful (and I'm not trying to say they aren't)then there is no reason to think a covert channel detector wouldn't beuseful for the same reason.

BB

Current thread:

RE: Covert Channels, (continued)
- - - RE: Covert Channels Dom De Vitto (Oct 19)
- Re: Covert Channels Craig Baltes (Oct 17)
- Re: Covert Channels CJ Oster (Oct 17)
- Re: Covert Channels Rohit Sharma (Oct 17)
- Re: Covert Channels Chris Reining (Oct 18)
- Re: Covert Channels Darryl Luff (Oct 18)
  - Re: Covert Channels Valdis . Kletnieks (Oct 18)
  - Re: Covert Channels Jeff Nathan (Oct 19)
- Re: Covert Channels Frank Knobbe (Oct 23)
  - Re: Covert Channels Jose Nazario (Oct 23)
    - Re: Covert Channels Blue Boar (Oct 23)
    - Re: Covert Channels Michal Zalewski (Oct 23)
    - Re: Covert Channels Blue Boar (Oct 23)
    - Re: Covert Channels Michal Zalewski (Oct 23)
    - RE: Covert Channels Omar Herrera (Oct 23)
    - RE: Covert Channels Cade Cairns (Oct 24)
    - Re: Covert Channels Roland Postle (Oct 23)
    - Re: Covert Channels Michal Zalewski (Oct 23)
    - Message not available
    - Message not available
    - Re: Covert Channels Anton Aylward (Oct 23)
    - Re: Covert Channels Blue Boar (Oct 23)
    - Re: Covert Channels Michal Zalewski (Oct 23)

(Thread continues...)