Vulnerability Development mailing list archives
Re: Covert Channels
From: Michal Zalewski <lcamtuf () dione ids pl>
Date: Wed, 23 Oct 2002 18:04:28 -0400 (EDT)
On Wed, 23 Oct 2002, Blue Boar wrote:
> But who cares? The question asked was whether it would be possible to make a covert channel detector product. My answer is that you can do as much with a covert channel detector as with an IDS.
Wrong question - you can make everything into a product, it's a matter of marketing ;-)

The real question is, would it be possible to, with the same level of coverage and accuracy, cover newer and newer covert channel techniques just like we cover new attack methods? The answer: yes, to a point where covert channels are sophisticated enough to mimic valid traffic to a level that is simply indistinguishable for a human or machine without reading a person's mind.

There's no such issue with attack detection IDSes, because attacks can be distinguished as valid traffic, but only to a degree, whereas covert channels can be *made of* valid traffic, simple as that.

--
------------------------- bash$ :(){ :|:&};: --
Michal Zalewski * [http://lcamtuf.coredump.cx]
Did you know that clones never use mirrors?
--------------------------- 2002-10-23 18:01 --